The Information Security Officer (ISO) role is to support and be accountable for all IS activities including but not limited to oversight of the IS Risk Management to the Franchise and its processes and support ASL where needed. The ISO function will support & work closely with Business, Operations & Technology teams, and the overall ISO community to oversee and monitor adherence with ASL IS Policy and Standards, manage risk and provide Business advise on Information Security. Demonstrate understanding of cloud, mobile, application and infrastructure security and will exercise sound judgement within existing practices and policies.
- Perform Information Business Impact assessments and Security Risk Assessments on business applications throughout development lifecycle for SDLC/Agile/Iterative Lifecycle.
- Report Information Security issues/gaps with appropriate recommendations to mitigate and/or remediate the risk as well as assist IT with corrective action plans. Provide subject matter expertise in application development lifecycle to assess security requirements, controls and ensure that security controls are implemented and planned
- Promote awareness of information security policies, standards and best practices. Also, as a program manager, manage information security assessments operational KPI/KRIs
- Drive improvement to Information Security process, standards and policies
- Interface with Risk, Internal Audit, external Audit, Regulator and/or provide timely support during audits.
- Establish and maintain relationships with domain architects, project managers and IT SMEs.
- Demonstrate good understanding of Singapore regulatory framework and local laws on information security, technology risk, data protection. In addition, solid understanding of ISO 27001, NIST CSF, MITRE etc.
- Perform independent assessments of the technical security controls implemented within the system to determine the overall effectiveness of the controls
Desired Candidate Profile:
- Good understanding of Information Security control areas such as Authentication/Authorization, Access Controls, Entitlement, Cryptography, Encryption, Network, Application/System Security, Key Management. Vulerablity Management (OWASP, SANs)
- Knowledge of SDLC, Agile/Iterative, DevOps/DevSecOps and integration with security assessment is required.
- Excellent Written and Verbal communication skills. Exhibit Strong Influencing/negotiating skills with attention to details.
- 10+ Years of Experience in Information Security, Audit or Risk Management Function
- Professional Certifications CISSP, CISM, CISA, SANS, Cloud (at least 2 and willingness to continuously upskil