Regional Cybersecurity Risk Manager

3 days ago


Canberra, Australia KBR Full time

**Title**:
Regional Cybersecurity Risk Manager

**The Company**

From individual technologies and services to comprehensive project delivery and mission execution, no other company can match the breadth and depth of KBR. Our strength as an Australian company is demonstrated through more than 60 years of successful project and solution delivery.

Headquartered in Canberra, KBR comprises a diverse team who provide a broad spectrum of capabilities across Australia and the Asia Pacific. Our proven project teams readily address complex and multi-disciplinary activities, providing a low-risk and cost-effective service to our customers.

Our combined experience and expertise deliver the right solutions, technology and equipment at the right time.

**The Role**

The APAC Regional Cybersecurity Risk Manager is a key role responsible for the overall management and implementation of information security programs within KBR’s APAC operating locations. The APAC Cybersecurity Risk Manager ensures the confidentiality, integrity, and availability of the organization's information assets and protects against unauthorized access, disclosure, alteration, and destruction. The APAC Cybersecurity Risk Manager reports directly to the Chief Information Security Officer (CISO). This position is based in Australia. **Applicant must be eligible to obtain Australia Government Level Security Clearance.**

Key Responsibilities:
1. Information Security Strategy and Governance: Develop and implement regional information security strategy, in alignment with KBR corporate policy, regional regulations, business objectives and industry best practices. Establish and maintain regional information security policies, standards, and procedures. Collaborate with executive leadership and stakeholders to ensure security goals are integrated into business processes and decision-making.

2. Risk Management and Compliance: Conduct regular risk assessments to identify security vulnerabilities and threats, both internal and external. Develop and implement regional risk mitigation strategies and security controls to reduce identified risks. Monitor compliance with applicable laws, regulations, and contractual obligations related to information security.

3. Incident Response and Management: Conduct post-incident analysis to identify lessons learned and implement improvements to prevent future incidents.

4. Security Awareness and Training: Develop and deliver region-specific security awareness and training programs for employees, contractors, and third-party partners. Promote a culture of security consciousness and ensure employees understand their roles and responsibilities in protecting information assets. Stay updated with emerging security threats and educate stakeholders on security best practices.

5. Vendor and Third-Party Risk Management: Assess and manage security risks associated with third-party vendors and partners. Conduct due diligence on vendors' security practices and contractual obligations. Collaborate with procurement and legal teams to include appropriate security clauses in contracts and agreements.

6. Security Incident Reporting and Metrics: Develop and maintain security metrics and reporting mechanisms to monitor the effectiveness of security controls and identify areas for improvement. Regularly report to CISO, business leadership and stakeholders on the regional security posture, incidents, and key security metrics.

7. Security Audits and Assessments: Coordinate and participate in security audits and assessments conducted by internal or external parties. Address audit findings, implement corrective actions, and ensure ongoing compliance with audit requirements.

**Required Qualifications, Experience and Knowledge**
- Bachelor's degree in computer science, information systems, or a related field (advanced degree preferred).
- Must be eligible to attain Australia Government Level security clearance.
- Extensive knowledge of information security principles, practices, technologies, and regulatory requirements.
- Proven experience in information security management, risk assessment, and incident response.
- Strong analytical and problem-solving skills.
- Excellent communication and interpersonal skills to effectively engage with stakeholders at all levels.
- Leadership abilities to drive security initiatives, influence decision-making, and foster a culture of security awareness.
- Up-to-date knowledge of emerging security threats and trends.
- Familiarity with security frameworks and standards such as ISO 27001, NIST Cybersecurity Framework. Must demonstrate understanding of Australia Essential 8 Maturity Model, Information Security Manual, and Australia Defense Information Security Program (DISP).
- Relevant certifications such as CISSP (Certified Information Systems Security Professional) or CISM (Certified Information Security Manager) or equivalent are desired.

**Benefits of KBR**

KBR is committed to supporting the profession


