Security Governance & Risk Compliance

Develop and disseminate corporate security policies, frameworks and guidelines to ensure that day-to-day business operations are well protected against risks, threats and vulnerabilities

Competency Area

Risk Management, Governance and Regulatory Compliance

Identify security risks in business operations proactively

Assess adherence of applications and infrastructure components to security standards and baselines

Identify lapses in organisational security standards or issues that may endanger information security and integrity

Develop specific action plans for different business units, based on corporate security policies, standards and guidelines

Evaluate technologies and tools that can address security gaps and facilitate alignment with security policies

Introduce security controls in line with corporate security policies and frameworks

Roll out security guidelines and protocols, ensuring understanding and compliance

Review adequacy of information security controls

Highlight areas for improvement and propose solutions

Evaluate security risks and establish corporate security policies and frameworks

Identify existing security risks, threats and vulnerabilities and analyse gaps in current organisational security policies

Develop corporate security policies based on organisation's direction, to ensure business operations are well protected

Recommend improvements, updates or modifications to current security policies and practices, to address potential security gaps

Introduce suitable technologies, processes and tools to monitor, guide and maximise compliance with security policies

Drive communication of corporate security policies and implementation of security protocols

Establish internal processes to regularly review adequacy of information systems' security controls against set benchmarks

Anticipate potential security threats and emerging trends in security management

Set direction for the organisation's corporate security policies, frameworks and protocols, in line with business requirements and the external environment

Endorse proposals for updates or enhancements to corporate security policies

Establish benchmarks and targets against which information systems operations and processes are regularly reviewed