Information Security Officer

Core Responsibilities:

• Interface with business stakeholders to understand and advocate for business needs with the broader security organization and promote and deliver services in the security and privacy services catalog.

• Solicit, surface, track, and resolve business feedback on security and privacy services and capabilities to enable continuous improvement

• Promote and facilitate security and privacy projects and initiatives with business departments.

• Conduct security risk assessments of business processes, projects, business units, systems, and data.

• Prepare risk assessment reports to inform risk treatment decisions.

• Track and monitor remediation and risk management activities.

• Support security and privacy awareness & training initiatives in Asia Pacific region

• Implement and champion risk management processes and concepts.

• Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the risk management strategy, framework, and program.

• Support integration and maturation of policy, compliance, and risk frameworks.

Skills and Qualifications:

• A minimum of 5 years of experience in information security risk management, stakeholder and project management

• Bachelor’s degree or higher in the field of information security, engineering or related technology field of study

• Strong knowledge of security and data privacy standards and regulations, such as ISO 27k, PDPA, NIST 800-171, PCI DSS, GDPR

• Exceptional written and verbal communication skills, with the ability to articulate complex and technical issues to all levels of personnel

• Customer-first, detail oriented, results driven, and highly organized, with the ability to thrive in a fast-paced environment and prioritize accordingly

• Experience engaging stakeholders and managing projects, preferably with international experience in an e-commerce or technology related industry

• Strong analytical and problem-solving skills

• Certifications, such as CISSP, CISM, CISA, ISO 27001 Lead Auditor, PMP are desirable

• High level of personal integrity, with the ability to professionally handle confidential matters and exudes the appropriate level of judgment and maturity