My client is seeking an experienced information security manager from an infrastructure background.
Responsibilities
- Propose, publish and update Group and regional IT guidelines and standards, agreed and approved by relevant stakeholders and committees
- Align Group and Regional IT risk and security with business, audit, compliance, corporate security and risk management
- Standardize risk and security processes and harmonize related tools throughout the Region
- Monitor the implementation of the local Information Risk and Security System and organization
- Understands, analyses, monitors and reports cyber and information security requirements from relevant local laws and regulations
- Collaborates with Legal, Data Protection Office, Risk Management, Audit and Compliance teams to drive a common security posture across all Asia Bus while adhering to local regulations
- Take care for awareness on regional and local level and consult other Regional functions
- Initiate and monitor cross border projects in order to mitigate the risk exposure
- Chair the Regional IT Risk and Security Council. Monitor and analyze the current risk and security situation throughout the region including audit results
- Work with other regional and local project teams to validate the IT infrastructure sizing, architecture and pricing
- Work with local IT infrastructure team to drive synergy, economies of scale and pricing optimization
- Drive Asia Cloud strategy
Requirements
- University degree in information technology, engineering, or business administration
- 10+ years of experience, preferably in IT Security
- Knowledge on market standards and best practices like ISO 27000 series, Cobit, ITIL
- Ability to develop and maintain Group Guidelines and IT standards
- Certifications like CISA, CGEIT, CISM
- Strong interpersonal and relationship skills, adept at managing a wide range of stakeholders
