Reporting to the Group Director – Risk and Compliance, the Technology Risk and Cybersecurity Manager is responsible for embedding cybersecurity and information risk disciplines into the organization’s broader Enterprise Risk Management (ERM) framework. This ensures that technology-related risks are identified, assessed, quantified, and treated in a manner consistent with the organization’s risk appetite and governance structures. Beyond cybersecurity, the role carries oversight responsibility for the full spectrum of ICT risk across the Group’s technology estate, supervising the ICT Risk Specialist and ensuring that infrastructure, system, and change-related risks are integrated into the Group’s enterprise risk register alongside cybersecurity threats.
Key Responsibilities
- ERM Integration: Support the Director, Risk and Compliance in embedding cybersecurity and ICT risk within the enterprise risk management framework, ensuring technology risks are captured in the risk register and reported to governance forums in clear business terms.
- Team Leadership: Provide direct line management and professional development for the ICT Risk Specialist, Cyber Risk Specialist, and Project and Innovation Risk Specialist, including setting objectives, coordinating workplans, and conducting performance reviews.
- Strategy Implementation: Implement the CIC Group Cybersecurity Strategy and prepare risk appetite and monitoring threshold reports for the quarterly and annual reporting to Management, regulators, and the Board of Directors.
- Incident Response: Lead the Group’s cybersecurity incident response capability, directing technical and governance responses to material incidents in accordance with the Cyber Incident Response Plan.
- Red and Blue Teaming: Direct the Group’s red and blue teaming program, commissioning annual adversarial simulation exercises and overseeing defensive monitoring and response capabilities.
- Security by Design: Provide expert input into the security design of IT architectures, system implementations, and digital transformation initiatives, ensuring security-by-design and privacy-by-design principles.
- Third-Party Risk Management: Implement the Group’s Third-Party Risk Management Framework for ICT vendors, monitoring supply chain cyber threats and third-party data breaches.
- Digital Forensics: Support digital forensic investigations, maintaining chain of custody and producing reports for management, board, regulatory, or legal proceedings.
- Budgeting & Resources: Participate in budgeting and resource allocation for the Risk and Compliance function.
- Audit & Compliance: Manage internal/external audits and regulatory engagements, tracking remediation of findings and maintaining cybersecurity risk policies and standards across all nine subsidiaries.