Information Security Manager

* Note: This is an individual contributor role.

Job Description

  • Handle information security management, address information security threats and incidents, and drive remediation.
  • In conjunction with the Legal team, identify information management and protection laws and regulations, and implement actions to ensure compliance with the relevant laws.
  • Identify, track and oversee internal and external compliance and regulatory requirements (PCI, Data Privacy, etc.) for the organization including compliance with established policies, procedures, standards, baselines and controls.
  • Maintain an information management and protection framework for an effective company-wide governance program.
  • Manage information security awareness programs and provide training to all staff on a basis.
  • Manage day-to-day security activities, including conducting vendor security assessments and privacy security assessments, implementing company policies, and handling communication related to the information security program.
  • Manage and support the information security requirements across different BUs.
  • Support other local ISO members in different regions as a regional ISO team member.

Job Requirements

  • Bachelor’s degree or Master’s degree in IT, Security or Computer Science or equivalent major
  • Minimum 5 to 10 years of experience in information security governance, risk and compliance.
  • English: Business level (written & verbal). IELTS 6.5+ or an equivalent certificate is preferable.
  • Excellent communication and interpersonal skills to interact with individuals at all levels of the organization.
  • Strong knowledge of and experience in information risk assessment and compliance needs.
  • Strong knowledge of and experience in information security frameworks.
  • Strong knowledge of and experience in applicable laws, regulations, and standards relating to security and data privacy.
  • Good understanding of information security governance frameworks such as ISO27001 (and the ISO27701 framework, etc.)
  • Demonstrated ability to develop and implement security policies, procedures and programs.
  • Understanding of, and ability to perform, risk analysis for cyber threats. (Preferred)
  • Other technical and/or security certifications (e.g. CISA, CISM, CISSP, SANS, GIAC, etc.). (Preferred)
  • Ability to perform business process analysis
  • Ability to handle sensitive and confidential information with discretion and integrity
