Job Description

Duties & Responsibilities
Security Governance
Drive and implement security Governance, Risk and Compliance (GRC) for our wide variety of client delivery engagements within the region, including banking, insurance, mining, telco and public sectors.
Engage in driving compliance against Business Information Security (BIS) and Corporate Security policies /standards
Observe and apply regional and international cyber security and privacy laws, frameworks and standards such as ISO 27001, NIST-CSF, GDPR, Japan APPI, BAC, TBA.
Work with the internal stakeholders such as Delivery Leaders, Business Information Security Officers (BISO) and affiliated Centre of Excellence (CoE) leaders to ensure organisational practices align with business objectives, compliance to standards and evolving threat landscape.
Security Risk and Control Management
Engage with variety of stakeholders: business leaders, auditors, customer security officers, legal, HR, and IT teams to understand security requirements and risk scenarios.
Apply end-to-end risk management principles guided by business context and risk appetite. Identify, assess and respond to risks.
Develop security management and data protection plan for key accounts: identify assets & threat vectors. Define mitigations and control framework.
Conduct periodic risk and control assessments of our adherence to obligations and security management plan. Provide implementation plans to close gaps.
Security Operations and Program Management
Conduct third party or client audit or security assessment activities such as ISO 27001, SOC report and PCI-DSS. Plan audit scope and schedule, and coordinate with various corporate functions to collect/produce evidences.
Assist delivery team to review Technical Solution Designs to apply Secure-by-Design and Secure SDLC processes to ensure IT products and services are foundationally secure in accordance to risk appetite.
Coordinate corporate incident management response and support investigations within a strict timeframe. Liaise with customers and external parties.
Develop Security Training and Awareness materials, and conduct or facilitate awareness sessions.
ISO27001 Lead Auditor /ISO 27001 Lead Implementer
Qualifications & Certifications
Must have a Bachelor's degree or above in a related field or equivalent experience
Must have experience in Information Security functions - Experience in understanding and deploying risk management and security
3-5 years of Cyber Security experience - Minimum of security experience preferably within a large global organization
Proven experience in information security and risk management field, especially with Technology Risk Management / IT Audit in Enterprise organizations
Required prior experience in attaining certifications or attestations such as ISO 27001, SOC report, PCI, etc. Experience on ISO 27001 Information Security Management system, Risk Assessments, Evaluation of results / findings, contract review of security obligations, IT GRC Tools
Preferred: Security and Privacy certifications such as CIPP/E, CISA, CISSP, CISM, CRISC, CCSK, CIPT, etc.
Prefer experience in Information Security GRC compliance - Strong knowledge on IT GRC, ISO 27001, Privacy and other standards/audits/regulations like PCI DSS, HIPAA, SSAE 18/ ISAE 3402, SOC2 etc
Preferred Understanding of network and system security technology and practices across all major-computing areas (Network, firewalls, client/server, PC/LAN, telephony) with a special emphasis on Internet related technology.
Prefer experience in Project/Program Leadership and Management
Personal Characteristics
Excellent stakeholder engagement skills
Excellent presentation and communications skills; ability to convey complex security risks and their control mitigations in a concise and business-relevant manner
Ability to plan tactically and strategically; deliver outcome with a sense of urgency with attention to detail
Demonstrate pragmatism by recommending risk mitigation that balances cost and business value.
Strong collaboration skills and willingness to be a team player, working as one team to solve problems by incorporating input from various sources
Willing to travel (10%)

Skills Required