Responsibilities:

• Understand and Involve with business teams to address the information security issues
• Information security awareness initiative and training to all staffs on a periodic basis
• Performing vendor security assessment and privacy security assessment
• Handling Information Security Incident Management
• Manage and Support the Personal Data Privacy requirements across different regions.
• Manage day-to-day activities, including policies, procedures, training and communication to business leaders in regards to the Information Security activities.
• In conjunction with Legal and Compliance identify information management and protection laws and regulations and implement actions to ensure compliance.
• Identify, track and oversee internal and external compliance and regulatory requirements (PCI, GDPR, Data Privacy, etc.) for the organization including compliance with established policies, procedures, standards, baselines and controls.
• Establish and manage the organization's wide information security awareness programs.
• Support the business project teams with Information security requirements at each stage.
• (In future after pandemic) There would be 30% travel required to ASEAN countries.

Qualifications:

• Minimum of 6 years of experience in Information Security governance and compliance.
• Good knowledge of information risk assessment and compliance needs.
• Good understanding of information security governance frameworks such as NIST, ISO27001, and COBIT.
• Working knowledge of applicable laws, regulations, and standards relating to security and data privacy
• BS or MS degree in Computer Science or related IT degree.
• Excellent communication skills.
• Ability to multi-task and prioritize work effectively.
• Highly self-motivated and self-starter with ability to work independently or with a team.
• Strong sense of ownership and driven to manage tasks/projects to completion.
• Security certifications preferred (e.g. CISM, CISSP, CDPSE, CIPP, CIPM CIPT or equivalent)