JOB DETAILS

JOB DETAIL

Reports to : Infrastructure Manager.
Responsibilities:
• Implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Work directly with the business units to facilitate risk assessment and risk management processes.
• Implement and support Data Privacy framework.
• Enforce implementation of and compliance with regional security policies.
• Collaborate with senior management, regional security team, and corporate compliance to establish governance for the security programs.
• Pro-active monitoring of security related policies and systems to identify and mitigate security risks.
• Partner with business stakeholders across the company to facilitate training on minimizing threats to the IT systems and raise awareness of information security concerns.
• Assist with the overall business technology planning by providing knowledge and recommendations on information security.
• Support the information security scope of internal and external audits.
• Lead and collaborate with the Information Security Management Representatives (ISMRs) for the surveillance audits and re-certifications of Information Security Management System (ISO 27001).
• Ensure timely de-activation of user accounts for resigned staff and conduct periodic reviews of permissions for current staff.
• Review periodically and keep security related documentation (SOPs, WI, forms, ISO, etc.) up to date.
• Follow up and consolidate monthly ISMS report.
• Partner with Quality Assurance team and Application Support team to conduct and maintain Computer System Validation (CSV) for local and regional IT systems.
• Any other tasks related to information security, data privacy and compliance as assigned by the IT Infrastructure Manager.

REQUIRED WORK EXPERIENCE

• Bachelor’s degree in a technology-related field required.
• Professional security management certification is required.
• Minimum of three years of experience in risk management, information security and IT.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001 (ISMS).
• Good written and verbal communication skills and high level of personal integrity.
• Innovative thinking and leadership with an ability to motivate cross-functional, interdisciplinary teams.
• Good organizational and documentation skills.
• Excellent command of both written and spoken English.