- Information Technology
- Singapore - Singapore
Our Cyber Security team
It’s no secret that our intellectual property is massively critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security department works effectively to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game. We take a pragmatic approach, transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our customers, and better manage potential cyber disruption. Investing in new cyber security capabilities across technology, process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats.
Our IT Security Risk & Compliance, Enterprise Security and Cyber Defence functions are the beating heart of Dyson’s Cyber Fusion Centre capabilities. Together, they enable the successful delivery of exciting new projects, help existing toolsets remain effective, enable and encourage compliance, balance red & blue team capabilities, and make sure that cyber security incidents are managed in a timely and efficient way.
About the role
The focus of this role is to manage Dyson’s IT Security Risk and Compliance team responsible for IT security, risk and compliance across IT pillars. The security solutions you will be implementing and maintaining will be world class and protect our most important assets – our customers and our intellectual property. Your aim will be frictionless security, enabling the business to achieve their goals through effective security solutions and a strong cyber security culture.
Alongside the above, you'll also be responsible for the following:
- Provide people and operational management and be accountable for the development, implementation, communication, maintenance and governance in line with the IT security, risk and compliance strategy and roadmaps.
- Working as part of the IT Security Risk and Compliance team, you will become the trusted adviser of IT security expertise in your areas, pro-actively providing security leadership and guidance to business divisions, projects and 3rd parties.
- Work alongside our Global Head of IT Security Risk & Compliance to contribute effectively to our IT Security Strategy, Governance Framework, and Roadmap.
- Support and implement Information Security Management Systems (ISMS) and ensure the development and management of IT security policies, standards, best practice guidelines, and support tools in line with Dyson’s security strategy.
- Cultivate core relationships between internal stakeholders and external partners and other third-party entities that support Dyson’s security requirements for handling sensitive data.
- Develop best practices to drive IT security risk and compliance assessment (ISMS/PCI/SWIFT/ITGC) across Dyson’s infrastructure, systems and applications operated by Global IT, business divisions and operating entities in markets.
- Act as a single point of contact (business partner management) for all security engagement in projects to support key initiatives from IT, business divisions and markets.
- Coordinate audit findings across Global IT & Cyber Security pillars to proactively drive risk remediation.
- Drive security campaigns globally to effectively enhance security awareness across Dyson’s global network.
- Provide necessary consultancy and steer to Dyson IT, in close collaboration with the other Cyber Security and Business functions to ensure framework and controls are applied consistently across.
- Responsible for reporting and communication to relevant IT stakeholders about the level of compliance to the policy framework. Drive Dyson’s key IT stakeholders for remediation of repeated non-compliance to the policy frameworks by working with IT and the Group senior management and ensure there is enough support to actions that might need to be taken to enforce compliance.
- Drive and co-ordinate all IT security compliance assessment (ISMS/PCI/SWIFT/ITGC) on behalf of IT in respect to Dyson Cyber Security Framework. The responsibility includes ongoing management of IT security standards in close collaboration with Group Security, Information Risk Management, Data Governance, Privacy, Legal & Compliance, and Internal Audit.
- Plan and collate measurement metrics that will provide a realistic view of the compliance state of the IT environment of Dyson to all stakeholders. Manage an internal security risk & compliance team to drive and implement the controls effectively.
- Engage in discussions concerning the control framework with Internal / External Auditors (audit related); cooperate in completion of such audits.
- Oversee the closure of audit action points and issues; work with the IT department heads to ensure accuracy and completeness of responses.
- Conduct training, awareness, case study sessions on themes relevant to the current control environment to ensure uniform appreciation of existing risks and controls among the Operations teams.
- Initiate programmes/projects/analysis (as necessary) to pave way for a better control framework and continuous improvements across Dyson.
About you
We seek applications from individuals with an exceptional track-record of managing IT security, risk and compliance teams encompassing a range of responsibilities, including IT security policy, governance, compliance, risk management, and awareness to continuously improve security maturity and culture within Dyson.
Alongside this, you'll bring the following:
- A highly self-motivated individual with a positive mindset and can-do attitude, and a strong believer in “Security as an enabler” to support business growth.
- An exceptional track-record of managing IT Security Risk and Compliance team, encompassing a range of responsibilities including operational IT security, consultancy, implementation, and compliance.
- Demonstrable experience of developing strong partnerships across management teams within complex businesses, you'll possess the strength of character and conviction to make tough decisions when required.
- Practical knowledge and experience specific to enterprise information security (IT Infrastructure, Networks, Applications, Security controls, etc.)
- Strong hands-on knowledge of industry standard frameworks (ISO 27001, NIST, ITIL etc.), best practices (OWASP, CSA) and regulations (PCI DSS, GDPR, China Cyber Security Law, etc.)
- Ability to evaluate & articulate risks, develop consensus, raise awareness and provide thoughtfully considered security solutions to various key business stakeholders.
- Ability to translate and distil complex technical information across all levels of the organization as required for the audience.
- Ability to effectively develop and manage all defined communication channels and relationship management with diverse stakeholder groups.
- Ability to lead and manage a specialist-based, high-performing and multicultural team.
Our culture is unique. It's not easy or comfortable. It's certainly not for everyone, but if you thrive on challenge and are excited by change – it could be for you.
Benefits
Dyson monitors the market to ensure competitive salaries and pension contributions. Beyond that, you’ll also enjoy a profit-related bonus, generous leave and life insurance. But financial benefits are only the start of a Dyson career. Rapid professional growth, leadership development and new opportunities abound, driven by regular reviews and dynamic workshops. And with a vibrant culture, flexible working hours, the latest devices and a relaxed dress code reflecting our engineering spirit, it’s an exciting team environment geared to creativity, innovation and ambition.
We are following the government guidelines regarding COVID-19. At this time all interviews will be conducted via video or telephone. We’re taking these precautionary measures to protect both our employee and candidate wellbeing. Our Talent Acquisition team will work with you and provide further information as appropriate.