- Information Technology
- Singapore - Singapore
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security department works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We use a pragmatic approach to transform cyber security, enhancing our business resilience so that we can better manage potential cyber disruption. We invest in new cyber security capabilities (technology, process, people) and leverage our strong cyber security ecosystems to tackle future threats.
Information Security Compliance, Product & Manufacturing Security, Enterprise Security and Cyber Defence are the beating heart of Dyson’s Cyber Fusion Centre capabilities. They ensure that exciting new projects are delivered successfully, that existing toolsets remain effective and compliant, that red and blue team capabilities are balanced, and that cyber security incidents are managed in a timely and efficient manner.
The focus of this role is to manage Dyson’s Information Security and Compliance functions across the world. The security solutions you will be implementing and maintaining will be world class and protect our most important assets – our customers and our intellectual property. Your aim will be frictionless security, enabling the business to achieve their goals through effective security solutions and a strong cyber security culture.
Alongside the above, you'll also be responsible for the following:
- Provide technology leadership and be accountable for the development, implementation, communication, maintenance and governance in line with the cyber security strategy and roadmaps.
- Working as part of the Cyber Security leadership team, you will become the trusted adviser of Cyber Security expertise in your areas, pro-actively providing security leadership and guidance to business divisions, projects and 3rd parties.
- Work alongside our Cyber Security leadership team across the globe to contribute effectively to our Cyber Security Strategy, Governance Framework, and Roadmap.
- Establish Information Security Management Systems (ISMS) and ensure the development and management of cyber security policies, standards, best practice guidelines, and support tools in line with Dyson’s security strategy.
- Cultivate core relationships between internal stakeholders and external partners and other third-party entities that support Dyson’s security requirements for handling sensitive data.
- Develop best practices to drive security risk and compliance assessment across Dyson’s infrastructure, systems and applications operated by Global IT, business divisions and operating entities in markets.
- Act as a single point of contact (business partner management) for all security engagement in projects to support key initiatives from IT, business divisions and markets.
- Drive security campaigns globally to effectively enhance security awareness across Dyson’s global network.
- Take overall responsibility and ownership of Information Security & Compliance to provide necessary consultancy and steer to Dyson, in close collaboration with the other Cyber Security and Business functions to ensure framework and controls are applied consistently across.
- Accountable for reporting and communication to relevant stakeholders about the level of compliance with the policy framework. Drive Dyson’s key stakeholders to remediate repeated non-compliance with the policy frameworks by working with IT and the Group senior management, and ensure there is enough support for actions that might need to be taken to enforce compliance.
- Drive and co-ordinate all cyber security-related assessments on behalf of IT with respect to the Dyson Cyber Security Framework. The responsibility includes ongoing management of IT security standards in close collaboration with Group Security, Information Risk Management, Data Governance, Privacy, Legal & Compliance, and Internal Audit.
- Plan and collate measurement metrics that will provide a realistic view of the compliance state of the IT environment of Dyson to all stakeholders. Manage an internal security risk & compliance team to drive and implement the controls effectively.
- Engage in discussions concerning the control framework with Internal / External Auditors (audit related); cooperate in completion of such audits.
- Oversee the closure of audit action points and issues; work with the department heads to ensure accuracy and completeness of responses.
- Conduct training, awareness, case study sessions on themes relevant to the current control environment to ensure uniform appreciation of existing risks and controls among the Operations teams.
- Initiate programmes/projects/analysis (as necessary) to pave the way for a better control framework and continuous improvements across Dyson.
We seek applications from individuals with an exceptional track-record of building and leading global information security & compliance teams encompassing a range of responsibilities, including information security policy, governance, compliance, risk management, and awareness to continuously improve security maturity and culture within Dyson.
Alongside this, you'll bring the following:
- A highly self-motivated individual with a positive mindset & can-do attitude, and a strong believer in “Security as an enabler” to support business growth.
- An exceptional track-record of building and leading global Cyber Security teams, encompassing a range of responsibilities including operational IT security, consultancy, implementation, and compliance.
- Demonstrable experience of developing strong partnerships across senior management teams within complex businesses; you'll possess the strength of character and conviction to make tough decisions when required.
- Expert knowledge and experience specific to enterprise information security (IT Infrastructure, Networks, Applications, Security controls, etc.)
- Strong hands-on knowledge of industry standard frameworks (ISO 27001, NIST, ITIL etc.), best practices (OWASP, CSA) and regulations (PCI DSS, GDPR, China Cyber Security Law, etc.)
- Ability to evaluate & articulate risks, develop consensus, raise awareness and provide thoughtfully considered security solutions to various key business stakeholders.
- Ability to translate and distil complex technical information across all levels of the organisation as required for the audience.
- Ability to effectively develop and manage all defined communication channels and relationship management with diverse stakeholder groups.
- Ability to lead and manage a specialist based, high performing and multicultural team.