Job Description:
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
The manager role sits in the first line of defense and is responsible for Asia information technology controls and governance services, in alignment with the mandates and objectives of the Global segment.
The individual will collaborate and liaise with Country Information Services, Business Units, Global CoE teams and Asia segment stakeholders; participate in Asia countries’ governance structure to support the implementation of the ISM strategy; and execute the practices and controls, as well as promote risk and security awareness, for the successful implementation of the ISM strategy.
Key Result Areas:
Execute Information Risk Management / Information Security policies and standards and associated security controls especially in the Information Security Management (ISM) domain for Asia region
Participate in IT projects and initiatives to bring a proactive information security management focus into solutions, and assist in formulating the ISM plan to ensure effective and consistent application of ISM policies and standards across all technology projects, systems and services, as well as compliance with local laws and regulations
Oversee ongoing information security processes for incident management, access management, legacy technology and vulnerability management, and even some processes tied to business continuity and disaster recovery.
Partner with business units and technical teams to implement ISM processes and supporting procedures.
Monitor risk and communicate to relevant stakeholders to ensure continued effectiveness of the Company’s ISM strategy, and establish corrective actions where necessary
Support and participate in security projects from our Global and Regional partners
Provide advisory and guidance on Information Risk, Technology Risk and Regulatory for information services and business
Coordinate security activities, including but not limited to application security source code scanning, legacy technology and vulnerability management, logical access regular assessment, information risk awareness and readiness for the Asia region
Participate in regular meetings with various teams in Asia as well as globally
Review and understand technology risk regulatory requirements, provide advisory, ensure compliance with the requirements including framework, guidelines & policies for ISM and IT, and maintain the local IT regulatory matrix
Conduct gap analysis for changes to Company policies, standards and new or updated Regulatory requirements, provide advisory and guidance on developing action plans to address the gaps
Liaise with internal and external auditors and regulatory agencies on information security risk reviews and examinations, oversee audit issues, and ensure issues are tracked and addressed in a timely manner
Incident management: establish communication and escalations, response and handling in the event of an information risk or security incident, and provide advice and guidance for immediate corrective actions.
Participate in investigations and reporting. Review, advise and monitor preventive actions
Ensure controls are executed effectively, efficiently and consistently across Asia region, conduct quality control and tests on the controls, identify gaps, and devise and execute action plans to address any gaps found, to ensure deficiencies are remediated appropriately
Report control gaps and remediation status to stakeholders
Assist in the rectification of knowledge / resource gaps in the Asia countries, closing the gaps of information security / risk activities
Travel within the region may be required
Experiences and Qualifications:
University graduate with a minimum of 5 years of progressive information security management experience in one or more disciplines: project / vendor risk assessment, network security, infrastructure / platform security, data / application security, vulnerability / patch management, and IT auditing, IT risk and control assessments.
Experience in application security would be an advantage
Professional certification or designation in information security and IT auditing is a plus, but not a requirement
Candidates with less experience will be considered as Specialist
Candidates with more experience will be considered as Senior Manager
Core Competencies and Skills:
Proficient in English, both verbal and written
Excellent communication skills in both technical and non-technical areas
High integrity, adhering to principles and values
Appreciation of different cultures
Good analytical skills
Works well within a diverse team as well as independently
Good interpersonal communication