(3 Days Left) Business Information Senior Security Specialist

Duties Responsibilities Security Governance Drive and implement security Governance Risk and Compliance GRC for our wide variety of client delivery engagements within the region including banking insurance mining telco and public sectors Engage in driving compliance against Business Information Security BIS and Corporate Security policies standards Observe and apply regional and international cyber security and privacy laws frameworks and standards such as ISO 27001 NIST-CSF GDPR Japan APPI BAC TBA Work with the internal stakeholders such as Delivery Leaders Business Information Security Officers BISO and affiliated Centre of Excellence CoE leaders to ensure organisational practices align with business objectives compliance to standards and evolving threat landscape Security Risk and Control Management Engage with variety of stakeholders business leaders auditors customer security officers legal HR and IT teams to understand security requirements and risk scenarios Apply end-to-end risk management principles guided by business context and risk appetite Identify assess and respond to risks Develop security management and data protection plan for key accounts identify assets threat vectors Define mitigations and control framework Conduct periodic risk and control assessments of our adherence to obligations and security management plan Provide implementation plans to close gaps Security Operations and Program Management Conduct third party or client audit or security assessment activities such as ISO 27001 SOC report and PCI-DSS Plan audit scope and schedule and coordinate with various corporate functions to collect produce evidences Assist delivery team to review Technical Solution Designs to apply Secure-by-Design and Secure SDLC processes to ensure IT products and services are foundationally secure in accordance to risk appetite Coordinate corporate incident management response and support investigations within a strict timeframe Liaise with customers and external parties Develop Security Training and Awareness materials and conduct or facilitate awareness sessions ISO27001 Lead Auditor ISO 27001 Lead Implementer Qualifications Certifications Must have a Bachelor s degree or above in a related field or equivalent experience Must have experience in Information Security functions - Experience in understanding and deploying risk management and security 3-5 years of Cyber Security experience - Minimum of security experience preferably within a large global organization Proven experience in information security and risk management field especially with Technology Risk Management IT Audit in Enterprise organizations Required prior experience in attaining certifications or attestations such as ISO 27001 SOC report PCI etc Experience on ISO 27001 Information Security Management system Risk Assessments Evaluation of results findings contract review of security obligations IT GRC Tools Preferred Security and Privacy certifications such as CIPP E CISA CISSP CISM CRISC CCSK CIPT etc Prefer experience in Information Security GRC compliance - Strong knowledge on IT GRC ISO 27001 Privacy and other standards audits regulations like PCI DSS HIPAA SSAE 18 ISAE 3402 SOC2 etc Preferred Understanding of network and system security technology and practices across all major-computing areas Network firewalls client server PC LAN telephony with a special emphasis on Internet related technology Prefer experience in Project Program Leadership and Management Personal Characteristics Excellent stakeholder engagement skills Excellent presentation and communications skills ability to convey complex security risks and their control mitigations in a concise and business-relevant manner Ability to plan tactically and strategically deliver outcome with a sense of urgency with attention to detail Demonstrate pragmatism by recommending risk mitigation that balances cost and business value Strong collaboration skills and willingness to be a team player working as one team to solve problems by incorporating input from various sources Willing to travel 10