No Agencies Please
The NBA is looking for a strong individual to lead establishment of standard cybersecurity principles within the NBA international businesses, reporting to the Chief Information Security Officer.
The role of this position is to be the primary cyber security leader for the APAC region with support extending to other regions as needed.
This position works with a team located in US who are involved in executing various compliance, engineering and operations based functions within Cyber Security. In addition, this leader will work closely with internal audit, IT Leaders, and the business to achieve a strong support and management of various security initiatives.
This leader will play a key role in supporting the improvement and action plans that are sourced from various audit engagement activities.
The purpose of this position is to balance the business risk to the region with the appropriate strategic security to protect NBA from threats that lead to untenable risk.
Provides advice to the regional business executives that could be impacted by compliance, risk, or Cyber Security threats.
Defines, develops and consistently provides financial and security reporting metrics to the business which demonstrate the value proposition of Cyber Security shared services.
Provides advice and counsel to the regional IT executives that could be impacted by compliance, risk, or Cyber Security threats.
Attains a clear understanding of the region’s business processes, local business initiatives and is able to proactively advise local leadership of potential risks that may have material impact to the business.
Communicates, oversees, and localizes the implementations of security solutions required to meet business local objectives.
Works closely with enterprise IT, other functional area specialists to ensure adequate security is in place throughout all IT systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.
Delivers a partnered role in providing network and system security advice and risk analysis to business units who engage with the Cyber Security team.
Has expert knowledge and understanding of the following and is able to work as a liaison between the business and the security operations team in the following areas – networks, systems, cyber threats, platforms, IPS technology, DLP technology, firewalls, forensics, vulnerabilities, authentication, authorization, anti-malware systems, communication protocols, applications, databases, etc.
Indirectly manages supporting resources across global NBA to ensure control risks are appropriately addressed and mitigated.
Establish credibility throughout the organization in systems, processes and people by demonstrating NBA Values.
Required Experience & Knowledge:
- Possesses the ability to weigh business risks and ensure compliance with appropriate information security measures.
- Possess a high energy level and strong work ethic with a commitment to continuous improvement in a dynamic and changing environment that strives to exceed expectations.
- Outstanding interpersonal and communication skills along with the ability to manage both up and down within and parallel to their own reporting structure
- Six or more years of Cyber Security work experience as a regional or business unit security leader. A broad exposure to infrastructure/network and multiplatform environments in diverse geographic environments is required.
- Expert knowledge of security issues, techniques and implications across all existing computer platforms.
- Proven ability to work within a team environment.
- Ability to manage multiple priorities and deal effectively with the NBA senior management, staff members, and vendors.
- Ability to exercise discretion and use independent judgment in making decisions and work with minimal functional guidance.
- Must possess a high degree of integrity and trust along with the ability to work independently
- Excellent written and verbal communication skills
- Proven track record in the creation and adoption of strategic visions for security and IT roadmaps.
- Must have the ability to quickly master, simplify, and communicate the value proposition of complex subjects to stakeholders.
- Experience leading a large business unit, small company, or regional division in the primary security leadership role.
- Ability to influence and communicate at an executive level.
- Capable of translating local requirements or business mandates into actionable and proactive security measures to mitigate risk.
- Highly knowledgeable of network and system security principles such as defense in depth, granularity of privilege, etc. and how they are applied in practice, not only in theory.
- Expert knowledge of modern network security technologies.
- Expert knowledge of security controls and the ability to leverage compensating controls in response to audit findings.
- Strong project management skills to manage risk assessment activities and timelines.
- Strong knowledge of ISO 27001 and risk assessment processes to ensure a strong support engagement.
- Expert knowledge of risk assessment design and delivery.
- Pragmatic understanding of security problems as a mix of technology and process issues with the ability to pursue solutions at both layers within the organization.
- Knowledge of NIST 800-53, COBIT, ISO 27001/02
- Ability to travel up to 20%
Educational Background Required:
- Bachelor’s degree in Computer Science, Information Systems or a technically related discipline
- 8+ years of experience in the Information Security area
- Professional security management certification, such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is required.