Key Areas of Responsibility/Accountability
- Have region-specific understanding of the critical business assets, risks and mitigation plans
- Drive region-specific control implementations or special programmes, where deemed necessary based on risk assessments or local regulatory requirements
- Define and embed security-by-design principles across delivery teams
- Liaise with local authorities and regulatory bodies to ensure compliance with local cybersecurity laws and regulations
- Work closely with Group Privacy team
- Work closely with legal/privacy to understand the impact of new and existing cybersecurity regulations
- Conduct/support regular vulnerability and penetration testing across the division’s IT infrastructure and web services, working with web teams and 3rd parties to remediate any vulnerabilities
- Monitor and report on relevant business IT systems for security and compliance best practices
- Be the APAC first responder to any Information Protection incidents
- Evaluate potential security incidents and recommend corrective actions
- Identify and implement processes that methodically track: governance objectives, risk ownership/accountability, compliance with policies and conclusions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
- Provide input into the approval and prioritisation of changes within the Change Management process, so that risks that proposed changes could introduce to the IT environment are identified and adequately managed through to resolution
- As a member of the CISO’s management team, contribute to the overall strategic and operational management of Informa’s enterprise security and risk management agenda
- Support security awareness campaigns within the region
- Support, run or participate in Group-wide security initiatives and activities as directed and represent the APAC region at the cross-divisional Information Security meeting
- In association with the Security Architecture team advise APAC IT/Product teams on security architecture relating to digital design and control implementation
Desirable:
- Candidates should be working in the security industry or certified in one or several areas of security, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Systems Security Certified Professional (SSCP)
- Experience with IT Security Architecture or a System/Software Development background
- Knowledge of web application security, data security, public cloud security as well as experience in implementing secure development and testing processes
Key Outputs and Outcomes
- Implementation of Security Measures: Successful deployment of Information Security solutions & processes across the region
- Risk Management: Identification, evaluation, and mitigation of security risks to the region’s information assets
- Incident Response: In association with Group Information Security, enhancement and execution of regional incident response plans to handle security incidents and breaches effectively
- Compliance and Governance: Ensuring that the region adheres to regional and global information security standards and regulations
- Security Awareness: Support Group Information Security with training programs to improve security awareness among colleagues
Measures of Success
- Reduction in Security Incidents: A decrease in the number of security breaches or successful cyber attacks
- Compliance Rates: Achieving high compliance rates with internal policies and external regulations
- Response Time: Improvement in the speed and effectiveness of regional incident response
- Stakeholder Satisfaction: Positive feedback from stakeholders regarding the Information Security measures and protocols in place
What we’re looking for
The ideal candidate profile will include the following points:
- 5+ years in a similar role in a large international organisation
- Strong fluency in both English and Mandarin
- Clear and abiding interest in information security
- Experience in implementing a secure development lifecycle and working with Privileged Access Management
- Ability to identify areas for improvement and recommend how to improve them
- The ability to interact with Informa colleagues, build good relationships at all levels and across all business units and organisations, and the ability to influence stakeholders at all levels
- Excellent verbal, written and interpersonal communication skills; listens and communicates technical subjects to both technical and non-technical audiences, flexing style to suit the needs of the audience
- Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams
- Demonstrable experience of managing and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals in a matrixed organisational structure
- Highly self-motivated and directed, with keen attention to detail
- A good understanding of security frameworks including ISO27001 / NIST / CIS / COSO / RMF / PCI DSS / HIPAA
- Awareness and experience of China Personal Information Protection Law (PIPL) and Multi-Level Protection Scheme (MLPS)