- Permanent, Full time
- Morgan McKinley Singapore
- 15 Oct 18
- Establish, communicate and maintain the Cybersecurity Risk Governance Framework.
- Ensure that Cybersecurity requirements are practical and communicated to all relevant parties.
- Communicate identified cybersecurity risks to stakeholders and provide the required risk advisory to assist the stakeholders to make the appropriate decision to address the identified risks.
- Ensure stakeholders adhere to the Cybersecurity Risk Management Framework.
- Work with Group Legal, Risk and Procurement to ensure that the Cybersecurity Risk Management Framework remains relevant to each Business Unit.
- Ensure all Business Unit stakeholders understand and comply with the cybersecurity risk governance framework through awareness campaigns.
- Demonstrate professional, pro-active qualities in dealing with internal clients and stakeholders.
- Attend required meetings on information security governance, risk, and compliance topics.
- Assist in the development, implementation and maintenance of policies, standards, and operating procedures as required.
- Escalate issues arising from policy non-compliance to the reporting manager.
- Maintain strategic vendor partnerships, relevant education and certification.
- Professional certification such as CISSP, CISM or other similar credentials will be highly advantageous.
- Minimum 2 years of practical experience in vendor security management.
- Minimum 6 to 10 years of experience as an Information Security Professional.
- Experience working as part of an internal Audit, Governance and Compliance team.
- Advanced understanding of the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.
- Advanced understanding of the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
- Exposure to other compliance audits such as PCI-DSS, SSAE, ISO27K, SOX, and other information security frameworks.