Collaborate with and support the Group Security Practice.
Ensure presence, quality and effectiveness of processes & controls by interacting with client's Partners CSO, CISO, CORO, CPSO, GRC, Regional Security Officers, Global Security Center, SO and other stakeholders as necessary
Serve as an expert advisor to the local entities in the implementation and maintenance of security and resilience processes and controls.
Ensure policies, shared security services and action plans are implemented based on the Group Security and client's Partners Strategy
Identify and analyze risk (for employees, systems and business) and recommend appropriate mitigation options
Assess the impact on the business environment and align appropriate mitigation actions or the prioritization of projects and investments within the entity.
Escalate the need to redirect investment or change practices to mitigate critical risks and ensure legal, regulatory or commercial compliance
Implement continuous improvement processes and activities (e.g. good practices, reporting, problem resolution) to ensure quality and relevance of security services
Monitor and maintain system confidentiality, integrity and availability and manage all security incidents with the GRC
Promote a culture of security and raise awareness
Oversee the execution of security within BAU / projects / processes in collaboration with the central GRC team (this covers the full spectrum of Information and Physical Security and Operational Resilience)
Ensure development and maintenance of auditable processes to enforce consistency across the region
Work closely with all the Security and Operational Resilience stakeholders in the country & the region to leverage teamwork
Identify and implement coordinated responses to security audit and compliance issues
Attend the local CMT if requested to provide expertise and support
SKILLS AND EXPERIENCE
Technical/Functional Knowledge, Skills and Abilities
Excellent problem-solving skills.
Ability to plan and execute on project plans.
Ability to deliver work with minimum supervision and effectively operate in a dynamic global organization.
Information security awareness training experience.
Strong knowledge of risks and risk mitigation strategies.
Demonstrated ability to handle multiple tasks with shifting deadlines and priorities under limited supervision.
Demonstrated ability to interact effectively internally and externally with all levels across the company including executive management.
Strong interpersonal, oral, and written communication skills
Fluent in English
Dynamic, proactive, organized personality.
Education, Professional Qualifications and Experience
Bachelor's or Master's degree in computer science, management information systems, information security or related field is preferred.
ISACA, SANS/GIAC or ISC² (such as CISSP) certifications required.
Minimum 7 years of experience in information security.
Strong knowledge of laws, regulations and standards that govern information security practices and frameworks such as ISO, NIST, SANS CSC, etc.
Strong background in IT risk analysis, auditing and/or information security practices with experience in financial/insurance industries.