Business Information Security Manager

Position Name:Business Information Security Manager

Job Description:

The Business Information Security (BIS) is a global team responsible for ensuring all security risks on Client Delivery engagements are managed end to end and establish trust across a wide variety of exciting client engagements. The team engages with our business leaders and customers to identify, assess and mitigate security risks; and act as the primary representative of the Corporate Security group to deliver our security obligations in customer engagements.

Responsibilities:

Security Governance

• Manage and implement security Governance, Risk and Compliance (GRC) for our wide variety of client delivery engagements within the region, including banking, insurance, mining, telco and public sectors.
• Observe and apply regional and international cyber security and privacy laws, frameworks and standards such as ISO 27001, NIST-CSF, GDPR, Japan APPI, BAC, TBA.
• Work with the internal stakeholders such as Delivery Leaders, Business Information Security Officers (BISO) and affiliated Centre of Excellence (CoE) leaders to ensure organisational practices align with business objectives, compliance to standards and evolving threat landscape.

Security Risk and Control Management

• Engage with variety of stakeholders: business leaders, auditors, customer security officers, legal, HR, and IT teams to understand security requirements and risk scenarios.
• Apply end-to-end risk management principles guided by business context and risk appetite. Identify, assess and respond to risks.
• Develop security management and data protection plan for key accounts: identify assets & threat vectors. Define mitigations and control framework.
• Conduct periodic risk and control assessments of our adherence to obligations and security management plan. Provide implementation plans to close gaps.

Security Operations and Program Management

• Manage third party or client audit or security assessment activities such as ISO 27001, SOC report and PCI-DSS. Plan audit scope and schedule, and coordinate with various corporate functions to collect/produce evidences.
• Assist delivery team to review Technical Solution Designs to apply Secure-by-Design and Secure SDLC processes to ensure IT products and services are foundationally secure in accordance to risk appetite.
• Coordinate corporate incident management response and support investigations within a strict timeframe. Liaise with customers and external parties.
• Develop Security Training and Awareness materials, and conduct or facilitate awareness sessions.

Qualifications:

• Must have a Bachelor’s degree or above in a related field or equivalent experience
• Must have relevant security certifications such as CISA, CISSP, CRISC or equivalent
• Must have experience in managing internal Information Security functions for a highly regulated industry
• 10+ years of Cyber Security experience
• 5+ years of leadership and management experience
• Experience in attaining certifications or attestations such as ISO 27001, SOC report, PCI, etc.
• Experience in Project/Program Leadership and Management
• Experience with Security Infrastructure Design Engineering or Architecture and have acquired Subject Matter Expert (SME) level knowledge in three out of these seven areas:
• • Endpoint Protection
  • OnPrem/Cloud Infrastructure Security
  • Network Security
  • Data Protection
  • Security Operations Forensics Investigations and Response
  • Identity Access Management
  • Secure SDLC

• Excellent stakeholder engagement skills
• Excellent presentation and communications skills; ability to convey complex security risks and their control mitigations in a concise and business-relevant manner
• Ability to plan tactically and strategically; deliver outcome with a sense of urgency with attention to detail
• Demonstrate pragmatism by recommending risk mitigation that balances cost and business value.
• Strong collaboration skills and willingness to be a team player, working as one team to solve problems by incorporating input from various sources.

Holidays & Benefits

• Insurances
• Commuting allowance
• Business trip allowance
• Sports facilities and recreation facilities
• Educational training / Overseas training system (OJT)
• Group life insurance
• Casual clothes allowed (office casual)

Company Description

One of the world's leading professional services companies, transforming clients' business, operating and technology models for the digital era.
Their unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses.
Headquartered in the U.S., this company is one of the Fortune 500 companies and is consistently listed among the most admired companies in the world.

[Passive smoking measures]
Indoor smoking
Designated smoking area