Key accountabilities and decision ownership:
• Take a proactive approach to ongoing evaluation of cyber security policies to ensure security
policy adherence
• Promote awareness of security policies, training, and the governance strategy amongst all
levels of the organization to ensure sound security governance is reflected across the
organization
• Assess policy needs, train stakeholders in the policy lifecycle and clearly communicate
expectations, collaborate with stakeholders from subject matter experts to senior leaders to
develop and manage security content
• Maintain and further develop the Cyber Risk Management Program
• Actively manage risks on the Cyber Risk Register from intake to resolution
• Communicate risk assessment findings with key stakeholders to develop and monitor risk
remediation plans
• Develop cyber risk portfolios to provide a more holistic view of teams’ risks
• Conduct regular compliance assessments with the Business to ensure that current and
emerging risks are being monitored and managed
• Proactive Control design and implementation guidance provided to the Business
• Process and Control Compliance Monitoring and Reporting
• Cyber audit SPOC to the business with guidance on all audit submissions
• Cyber audit report reviews and guidance to Management on the recommended actions
• Tracking and monitoring of audit remediation action implementation
• Deploying cyber security awareness training collateral with innovative approaches
• Design of status reports as well as insight reporting as and when required by Management
• Lead reporting development with the use of automation and reporting tools to generate Cyber
Risk metrics, i.e. KPI’s, KRI’s, KGI’s (KxI)