Cybersecurity Manager CV Sample

• Accomplished and well-rounded regional ICT Professional with >5 years’ experience advising and developing IT solutions, deploying security and compliance requirements, leading productive and well-integrated teams within manufacturing, insurance business and petrochemical industries across APAC.
• Demonstrable technical expertise and knowledge of best practices for IT risk assessments & concepts, core security monitoring & response services, regulatory compliance and security incident response management; proven track record of successful IT infrastructure and industrial project implementations and personalised stakeholder support models.
• Adept in analysing high-level information and complex technical issues, effectively translating business/user requirements into actionable IT business cases, articulate project design recommendations and deliver continuous improvement.

• Conceptualised 3-year Information Security strategic roadmap and ongoing action plans within 12 months for APAC subsidiaries, setting up and delivering ITIL best practices and governance.
• Raised overall Information Security maturity level/capability rating (CMMI) for 12 APAC subsidiaries to Level 3 (Defined) from Level 2 (Repeatable) and within one (1) year.
• Developed and implemented new 3rd party due diligence system and assessment framework for ~50 local entities/vendors.

• Provide consultation to drive implementation of IS, Risk Management and ICT strategic plans for sustainable execution across group subsidiaries in APAC region; formulate plans that align with Group IS Policy, and in collaboration with HQ Information Management. [Opening line perfectly summarizes the candidate’s current role as it speaks about the size of the team and primary responsibility.]
• Establish internal audit and legal framework to assess APAC subsidiaries, escalating and tracking remediation progress of critical issues to improve overall IS posture.
• Provide key advisory in establishing risk monitoring mechanism and reporting structure, ensuring APAC subsidiaries’ maturity level comply with HQ IS standards (mapped to ISO 27001), Personal Data Protection Act (PDPA) and Cybersecurity Act.

• Conceptualised 3-year IS strategic roadmap and ongoing action plans within 12 months for APAC subsidiaries, setting up and delivering ITIL best practices and governance – Cybersecurity & Internal Audit framework, Risk Control Security Assessment (RCSA) and shared Managed Security Services (MSS). [Talk about your contributions (and the approaches you took on to achieve them) to the company and how it affected the operations in the relevant locations where possible.]
• Raised overall APAC subsidiaries’ IS maturity level/capability rating (CMMI) for 12 APAC subsidiaries to Level 3 (Defined) from Level 2 (Repeatable) and within one (1) year; effectively streamlined process and efficient behaviors. [Cite quantifiable metrics to support your achievements. Do, however, be aware of your company confidentiality clause.]

• Managed organization-wide execution of IT risk strategies with changes to environmental practices, adhering to standards and regulations for highly complex portfolio IT systems and core infrastructure. [Simple, clear overview of the job you previously done. Notice also how the remaining bullet points are shorter. No need to go into deep detail about previous similar workscopes.]
• Conducted IT security due diligence, 3rd party risk assessments and gap analysis on operations and policies, identifying and providing risk reporting to minimise business impact; directed policy and procedural reviews with key stakeholders and reported directly to Head of IT Risk & Compliance.
• Performed regular reviews on change requests in Change Advisory Board (CAB), ensuring change implementation were aligned with organization IT security standards and risk tolerance; rolled out Vulnerability Assessment (VA) tests, proactively closing gaps in system security and managed cybersecurity risks.
• Led onsite inspections and enforced KLB’ Technology Risk Management guidelines on interviews with suppliers to advise business on financial and operational viability; facilitated all technology-related audit engagement and dialogue events to raise employees’ awareness on risk management.

• Developed and implemented new 3rd party due diligence system and assessment framework for ~50 local entities/vendors; reviewed alongside external consultants, enterprise and risk management teams, to establish outsourcing guidelines as aligned with KLB’.
• Key contributor for successful group technology risk projects, effectively maintaining high risk and compliance data integrity by re-engineering manual process with business intelligence platforms and solutions (RSA Archer Governance, Risk & Compliance system).

• Coordinated local IT infrastructure and US teams to manage multiple security technologies in monitoring and fix IT security incidents, enabling development and implementation of six-figure projects across APAC. [Simple, clear overview of the job you previously done. Notice also how the remaining bullet points are shorter. No need to go into deep detail about previous similar workscopes.]
• Evaluated and analysed current state of IT security threats across ICS environment, collaborating with HQ ICS Security Team and numerous plant sites to develop and roll out additional monitoring & IT security tools/systems, decentralized content processes & procedures and with proper business documentation best practices.
• Built and maintained lifecycle plan for ICS network and computer infrastructure; participated actively in ICS audits and Cyber Security Vulnerability Assessment (CSVA).
• Provided 24/7 operational support to petrochemical facility and Management of Change (MOC) processes through partnering both HQ ICS Security and Automation Teams.

Project: IT Infrastructure Enhancement (Project Lead)

• Led diverse team and US counterparts, consolidating ICS systems and launched new IT server rack & power system.
• Improved industrial system uptime relay at 99.9% by installing new failover site and overhauling centralized backup management system (Symantec Netbackup) preparing for disaster recovery and managed power redundancy.

Project: IT System Lifecycle Upgrade & Intrusion Detection System (IDS) Implementation (Project Lead, IT)

• Drove system project scoping and review cadence on IT network infrastructure design to address functional requirements.
• Spearheaded PCN IT system migration to new servers based on corporate ICS system security requirements; performed test cases (SAT, UAT), security source code review and documented IT configuration for go-live implementation.
• Delivered integration project for IDS and IT environment within committed time, budget plan and defined specifications; partnered with vendor to configure IDS and perform sensitivity tuning.

• Bachelor of Information Technology Management | Murdoch University | Australia | 2015
• Diploma in Engineering Informatics | Nanyang Polytechnic | Singapore | 2004

• ISACA Certified Information Security Manager® (CISM®) | Aug 2019
• Certified Ethical Hacker v8 | EC-Council | Nov 2015
• Comptia Security+ce Certified | Sep 2015
• Certified in Project Management Professional® (PMP® – #1000000) | Project Management Institute | Feb 2015
• Business Analysis Certification Program (BACP™) | IIL | Nov 2010
• Cobit v4.1 Foundation | Dec 2009
• ITIL v3 Foundation | May 2008
• Microsoft Certified Professional (MCP) | May 2008
• Certified in Associate Project Management (CAPM – #000000) | Project Management Institute | May 2012

• Languages, Applications & OS (Operating System): C | C++ | AsP | .Net | VB | VB Script | Batch Files | MS Outlook
• Platforms, Infrastructure, Data Protection & Anti-Virus: ERP SAP R/3 (Basis) | Wide Area Networks | IT Security Protocols | Symantec Backup Exec
• Information Security Frameworks: ISO 27001/27002 – Information Security Management | Cobit | NIST SP 800-53 | CIS Controls
• Others: IT Lifecycle Management System (IBM Endpoint Manager) | SAP R3 (Basis) | Tyco CEM system | OSI PI System | Rockwell Factory Talk

• Languages: Fluent in English, Bahasa and Chinese
• Nationality: Hong Konger
• Availability: 1 Month’s Notice

References available upon request

[There’s no need to list your references; if HR is interested in you they will ask you for them.]