Key Responsibilities
• Embody security governance to review, maintain and enforce security policies, procedures and guidelines to ensure they are up to date and aligned with group security strategies
• To support the security & safe-by-design process
• To lead and participate in audits/risk assessments to identify gaps, recommend remediation action plans, and work with stakeholders towards the closure/risk acceptance of findings
• To develop, create & update security policies and procedures documentation
• Develop risk mitigation strategies, ensuring proper risk treatment and monitoring
• To conduct third-party security assessments and vendor assessments to ensure compliance with security requirements
• To lead, develop and deliver regional cybersecurity awareness and training programs.
• Provide digital risk advisory to stakeholders on the adoption of new and emerging technologies
• To conduct internal audits and IT process improvement
• Perform security compliance reviews and track compliance status for management reporting
• Co-develop process documents and participate in initiatives to automate security and compliance processes.
• To lead and develop crisis management plan policies and procedures, and conduct tabletop exercises
• Manage and report on security governance related KPIs in the region
• Participate in other ad-hoc security initiatives as required
Requirements
• Minimum Diploma in IT, information security or equivalent
• A professional security certificate will be an added advantage
• At least 3 years of experience in security operations, governance and projects with regional exposure
• Minimum 3 years’ experience in the information/cyber security related field focusing on auditing IT aspects, including governance, risk management, system, IT Compliance, IT Security, and cybersecurity, preferably in a regional or multinational environment.
• Governance, Risk and Verification
• Strong knowledge of information security frameworks.
• Experience in conducting risk assessments, vulnerability assessments, and security audits
• Working knowledge of threats and vulnerabilities and their significance to cyber risk, IT infrastructure and application security.
• Resourceful, and able to multitask in a dynamic work environment
• Proficient in written and spoken English and Chinese