ROLE PROFILE

Job Title - Information Security Officer (ISO)

Purpose of the Role

• The Information Security Officer (ISO) role is to support and be accountable for all IS activities including but not limited to oversight of the IS Risk Management to the Franchise and its processes and support ASL where needed. The ISO function will support & work closely with Business, Operations & Technology teams, and the overall ISO community to oversee and monitor adherence with ASL IS Policy and Standards, manage risk and provide Business advise on Information Security. Demonstrate understanding of cloud, mobile, application and infrastructure security and will exercise sound judgement within existing practices and policies.

Role Attributes1

• Perform Information Business Impact assessments and Security Risk Assessments on business applications throughout development lifecycle for SDLC/Agile/Iterative Lifecycle.

• Report Information Security issues/gaps with appropriate recommendations to mitigate and/or remediate the risk as well as assist IT with corrective action plans. Provide subject matter expertise in application development lifecycle to assess security requirements, controls and ensure that security controls are implemented and planned

• Promote awareness of information security policies, standards and best practices. Also, as a program manager, manage information security assessments operational KPI/KRIs

• Drive improvement to Information Security process, standards and policies

• Interface with Risk, Internal Audit, external Audit, Regulator and/or provide timely support during audits.

• Establish and maintain relationships with domain architects, project managers and IT SMEs.

• Demonstrate good understanding of Singapore regulatory framework and local laws on information security, technology risk, data protection. In addition, solid understanding of ISO 27001, NIST CSF, MITRE etc.

• Perform independent assessments of the technical security controls implemented within the system to determine the overall effectiveness of the controls.

Requirements

Experience

§ Good understanding of Information Security control areas such as Authentication/Authorization, Access Controls, Entitlement, Cryptography, Encryption, Network, Application/System Security, Key Management. Vulerablity Management (OWASP, SANs)

§ Knowledge of SDLC, Agile/Iterative, DevOps/DevSecOps and integration with security assessment is required.

§ Excellent Written and Verbal communication skills. Exhibit Strong Influencing/negotiating skills with attention to details.

2 ROLE PROFILE

Education

§ 5+ Years of Experience in Information Security, Audit or Risk Management Function

§ Professional Certifications such as CISSP, CISM, CISA, SANS, Cloud (at least 1 and willingness to continuously upskill)

Important Note:

> Please share your resume in word format with [email protected]

> Important Note: If this requirement is not a match for you please refer to your friends.

> Interested professionals can reach out to me for Confidential Discussion @ +65- 9060-4050.

Best Regards,

Dilip Kumar Daga

Vice President - Strategic Accounts

Helius Technologies Pte Ltd

36, Robinson Road,#13-05, City House, Singapore 068877

DID: +(65) 6429-9407

Mobile: +(65) 9060-4050

Fax: +(65) 62222213

Email id: [email protected]

http://helius-tech.com

Registration No : R1108376

EA Licence No : 11C3373

https://www.linkedin.com/in/dilipdaga/