Position Overview:

The Group CISO will be responsible for leading the information and cyber security strategy across seven distinct business units, ensuring alignment with the parent company DSP’s security governance, policies, and risk posture. This role will provide expert leadership, oversight, and coordination to ensure the business unit’s security architecture, risk management, compliance, and incident response capabilities are mature, cohesive, and aligned with DSP’s directives.

Key Responsibilities:

Strategic Leadership & Governance

Guide and assist business units to define and implement cyber security strategies ensuring alignment to DSP’s security framework, controls, and objectives.

Assist in the development and continual improvement of security governance framework, aimed at providing compliance against parent company objectives and industry standards.

Act as the central liaison between the parent company, Group Leader, group business units on all matters relating to information security.

Provide consultation services to Business Units on IT projects, including alignments to industry standard security frameworks, certifications, hosting solutions, design/architecture, vendor management, telephony etc. as requested.

Manage Group IT/DS projects as requested.

Governance, Risk, and Compliance

Assist with the establishment and maintenance of policies, standards, and procedures that align with DSP’s global security policies.

Oversee risk assessments, audits, and compliance efforts across business units, ensuring adherence to regulatory requirements (e.g., ISO 27001, GDPR, SOC2, etc.).

Monitor evolving regulatory landscapes and ensure business units are prepared and compliant.

Conduct compliance audits of the Group’s Business Units.

Collaboration & Stakeholder Engagement

Provide expert advice and consultation to business unit IT leads, and executive teams.

Coordinate security initiatives across the group to enhance collaboration.

Regularly report on group-wide security posture, risk metrics, and remediation progress to Group Leader and business unit leaders.

Security Operations & Incident Response

Enhance security monitoring, incident detection, and response capabilities across all business units

Oversee the implementation and operation of mandated security tools and technologies (e.g., Crowdstrike, Falcon, 6Clicks).

Lead or coordinate incident response planning, readiness assessments, and tabletop exercises.

Serve as an escalation point and incident commander during any serious group-wide security incident.

Drive maturity in endpoint, cloud, identity, and access management (IAM) controls across varying tech stacks.

Drive security awareness, training, and engineering enablement programs tailored for developers, product managers, and customer care staff.

Capability Building & Culture

Champion a security-first culture throughout the group’s Business Units.

When requested, support the recruitment, development, and retention of high-performing security professionals across the business units.

Establish group-wide awareness and training programs to reduce human risk.

Key Requirements:

10+ years in Information Security, with 3+ years in a senior CISO role.

Strong experience working in federated or multi-entity environments.

Demonstrated ability to align diverse business units to security frameworks to improve security score maturity.

Deep knowledge of security frameworks (ISO 27001, SOC2) and regulatory requirements.

Exceptional communication, stakeholder engagement, and leadership skills.

Industry certifications such as CISSP, CISM, or CISA preferred.

Desirable:

Prior experience integrating or aligning business units post-acquisition or during digital transformation.

Familiarity with educational sector and associated regulatory requirements.

Experience in cloud security, DevSecOps, and zero-trust architectures.