The Job: 

• Manage the development of Group Information Security policies, standards, and procedures
• Support the on-going maintenance and review of the policies and procedures according to the industry best practices and standards (e.g. ISO 27001 etc.), technologies, relevant regulatory and group requirements
• Evaluate and manage capabilities that enable the organization to reliably achieve objectives, address uncertainty and act with integrity, as a whole more responsive and efficient in a consistent manner
• Act as the main responsible party to drive and align the policy compliance across the group and the regional business units
• Perform and manage regular Information Security and Control assessment to ensure that business units are compliant with the Group Information Security Policies and Standards
• Manage audit findings remediation to mitigate the risks
• Identify and address cyber risks and requirements in order to protect the organization from adversity, surprise and weakness
• Monitor Information Security and Risk control, and test to determine the control performance and effectiveness
• Support the Cyber Security project implementation and daily activities with respect to Information Security best practices and risk assessments
• Responsible to support Regional Information Security and Risk Governance for the Asia countries to ensure the Security posture of business units are properly measured, monitored and managed

The People:
 

• At least 10 years experience in Information & Cyber Security Risk Governance and Risk Management
• Extensive knowledge and understanding of Information Security framework, such as  ISO27001, NIST CSF and COBIT
• Good stakeholder engagement and management skills
• Hands on experience in managing information security projects and solutions
• Strong liaison skill, teamwork, passion and commitment mentality
• Relevant professional certification, such as CISA, CISM, CISSP is desired