Head of Enterprise IT Security

Get to know our Team:

Grabber Technology Services (GTS) aims to be a technology leader that provides predictive and seamless experiences to all Grab employees (Grabbers).  We are a diverse team of technology practitioners looking to outserving Grabbers with positive, personalised IT experiences. We are looking for individuals with similar customer-centric and innovative values to join our growing team.


Get to know the Role:
 

Grab is looking for a technical security expert and influencer to provide vision and leadership to lead our Corporate IT Security for the development and support of Grab’s information security initiatives. He/she will lead a team of experienced security resources capable of fully executing the strategy.  Must be familiar with the principles and techniques of security risk analysis and must demonstrate an understanding of management issues involved in implementing security processes and the creation of a security-aware culture in a large corporate environment. Interactions require the ability to influence and persuade senior leaders as well as staff regarding complex and/or controversial situations. 

This person will act as our key security advisor and contributor on the Corporate Information Security team (CIS) to ensure security and regulatory compliance objectives are met. He/she will be Corporate Information Security’s single point of contact for IT/business teams; ensuring that IT/business are updated on security/compliance requirements, prioritizing security/compliance needs for IT/business, and collaborating with the IT/business teams to develop secure solutions to address security/compliance needs. 

This role will require someone with both strong stakeholder management skills and technical experience in at least two of the following areas: 

• Network and Infrastructure Security 

• Content (Application / Data) Security

• Mobility Security

• Endpoint Security

• Cloud Security

• Risk Assessment

• Vulnerability Management

The successful candidate will have experience in successful delivery of security strategies and roadmaps in a highly complex and technical environment with proven ability to deliver projects in highly dynamic and evolving environments. You'll have a solid understanding of security principles such as;  defence in-depth, diversity of defence, least privilege, compartmentalization, in addition how the appropriate security controls can be deployed to protect Grab’s data, applications, and IT infrastructure. 

The day-to-day activities:
 

• Drives and develops the Information Security Strategy and directs projects towards the desired security strategic goals for IT/business

• Prioritize and communicate Information Security requirements and timelines to IT and collaborate with IT/business to ensure that both IT & Information Security roadmaps are aligned. 

• Partner with IT to design and develop security architectures, frameworks, solutions and policies to ensure it aligns with Information Security’s Strategy. 

• Understanding of Grab’s IT technology stack and ability to receive constructive feedback on any new security policies, initiatives, or programs that might add major disruptions to IT systems and operations. 

• By leveraging the candidate’s deep technical and security knowledge, he/she will review the company’s current solutions/policies, and make recommendations that both minimizes overheads to IT operations/systems and ensures security requirements are met, including identifying and analysing functional and non-functional security requirements. 

• Determine how the components included in a system architecture should be organized to ensure that security requirements are met. Integrate technical, managerial, financial, and policy issues into solutions.

• Apply a working knowledge of security models and methods for integrating security into a system.

• Lead the development and implementation of effective and reasonable policies and practices to secure protected/sensitive data and ensure information security and compliance with relevant legislative and legal interpretation.

• Identify, report and control security incidents.

• Monitor threats and take appropriate preventative measures. 

• Drive awareness of security throughout the company, communicating continuously, consulting accordingly, and staying abreast of industry trends in the business and information security.

• Supervise the design and execution of vulnerability assessments, penetration tests and assure security audit findings are remediated in a timely fashion. 

• Collaborate with IT management, legal counsel, compliance, operations and human resources to establish and maintain a system for ensuring that security and privacy policies are met.

• Work with the central IT department on corporate technology development to fully secure information, computer, network, and processing systems; and to ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.

• Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations.

• Where necessary, supervise recruitment, development, retention, and organization of security staff in accordance with corporate budgetary objectives and personnel policies.

• Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.

The must haves:

• Overall strong background in systems engineering, security engineering, architecting, enterprise integration, and interoperability in a complex systems environment. Prior experience working in an IT function and working in an operations role. An in-depth understanding of capabilities deployed in security infrastructures. Knowledge of existing security standards, frameworks, models, and methods for developing and implementing security architectures 

• Deep understanding of methodologies, architectures, and practices employed to design and implement information sharing environments for supporting organizational and inter-organization sharing of cybersecurity information.

• Strong oral and written communication skills including the ability to independently author a wide range of technical documents.

• Strong interpersonal and collaboration skills working in a team-oriented environment.

• Knowledge of the security and privacy aspects of cloud computing solutions.

• Familiarity with widely-used tools for implementing and testing security infrastructures.

•  Knowledge of messaging, service, and event-based infrastructures.

•  Understanding of technical, operational, and management issues related to design, development, and deployment of complex and distributed systems.

• Understanding of interrelationships between critical infrastructure protection and cybersecurity Experience in or exposure to threat modelling 

*Certified Information Systems Security Professional (CISSP) Certification is plus