Implement and maintain a cybersecurity governance framework, including a Cybersecurity Steering Committee, to ensure consistent and effective governance of security-related activities. Establish governance structures, roles, and responsibilities to support cybersecurity objectives.
Establish and maintain an enterprise-wide cyber security policy framework and develop a set of enterprise policies, standards, minimum security baselines, processes and procedures for technology infrastructure and applications in line with organizational goals and regulatory requirements.
Define and operate an exception management process for Cybersecurity policies, standards and baselines.
Define KPIs for measuring Cybersecurity effectiveness and support program governance. Define annual targets and thresholds for the enterprise and align with the organization’s key cyber security metrics.
Run a Cybersecurity Performance Review Program to enable an enterprise view of Cybersecurity and identify underperforming areas. Lead the development of the monthly cyber security and risk executive dashboard. Prepare and present reports to executive leadership and stakeholders on cybersecurity posture and compliance status.
Serve as the primary contact between the organization and external parties, such as regulators, auditors, and partners, on matters related to cybersecurity governance. Ensure effective communication and compliance with external cybersecurity requirements.