Chief Information Security Officer
MAIN PURPOSE OF THE JOB:
- Manage protection against the full range of information security threats, ensuring appropriate levels of prevention, detection and response by developing and leading the enterprise-wide security program.
- Provide recommendations on information security direction and ensure activities are performed in alignment with security plans and policies.
- Evaluate and manage risk so that it stays within the acceptable risk level, according to risk assessment results.
- Work closely across business channels to identify and assess security risks, gaps in policies and standards, and weaknesses in processes. He/she also works with the regional office and group security operations.
- Ensure all security-related guidelines, policies, standards and procedures comply with ISO 27001 and are enforced.
- Coordinate with the CIO to assess, implement controls for, and monitor IT-related security risks.
- Support regional, financial and IT audits, and follow up and/or take action on the remediation of findings.
- Plan and coordinate with the Crisis Management Team for Disaster Recovery testing.
- Identify, report, monitor and mitigate risks in IT security and compliance.
- Conduct risk analysis reviews and security compliance reviews.
- Manage Information Risk Assessment (IRM) and RCSA (Risk Control Self-Assessment) to identify risks and define mitigation activities, analysis, reviews and follow-up actions, sharing information across the CIO and Operational Risk.
- Ensure alignment with security best practices and standards such as ISO/IEC 27001 and PCI-DSS (Payment Card Industry Data Security Standard).
- Provide recommendations on information security direction within the IT strategy and ensure activities are performed in alignment with security plans and policies.
- Engage with the local team to assess security threats/vulnerabilities and manage business risk in alignment with group standards.
- Conduct and/or follow up on penetration test results.
- Collaborate with and support business units (BUs) upon request.
EXPERIENCE AND QUALIFICATIONS:
- Master’s Degree in a suitable discipline; CISSP, CISM, CISA, CRISC or GIAC certifications preferred.
- Minimum 12 years in Information Technology or Information Security and 4 years at management level.
- Knowledge of relevant security standards: NIST, ISO, PCI-DSS and others.
- Strong technical security background:
- Knowledge of secure software development.
- Experience in vulnerability assessment and patch management.
- Experience participating in penetration tests, interpreting penetration test reports and defining security remediation actions.
- Strong skills in conflict management, problem-solving, coordination and communication.
- Digital forensics skills and cyber incident management.
- Experience in an international setting and multicultural environment.
- Excellent spoken and written communication skills.
- Strong leadership skills; able to maintain a positive attitude and a proactive approach to problem solving.
- Strong accountability and passion for the IT and cyber security agenda.
We offer excellent career prospects and an attractive remuneration package to the right candidate.
Interested applicants, please send your application with a recent photo and expected remuneration to: firstname.lastname@example.org.
Come and join our happy family!