Information Security and Data Protection, Senior Specialist- ST-FNC221202 025/01

This role handles Information Security and Data Protection aspects for APEC (Asia Pacific Excl. China) at Regional level, supporting the Director, Regional Information Security and Data Protection (APEC RISO). This role is to help drive information security and data protection practice to ensure that information assets and systems remain secure from emerging security threats and enable the Organization to retain its leadership position and customer’s trust and confidence. Key Responsibilities

• Responsible for 3rd Party Supplier InfoSec and Data Privacy (DP) security assessment and compliance within APEC region
• Provide advisory support to APEC countries on InfoSec & Data Protection policies, guidelines, and processes.
• Responsible for 3rd Party Supplier InfoSec and Data Privacy (DP) security assessment and compliance
• Drive IS and DP awareness, anti-phishing, vulnerability management activities for APEC region within area of responsibility.
• Ensure all appropriate IS and DP activities and records are maintain in the GRC and Data Protection system for the area of responsibility
• Part of escalation contacts for regional InfoSec and data privacy incidents within APEC.
• Be the support liaison with the Regional and Global InfoSec & DP organization.
• Develop and maintain key contacts in business groups applicable to IS and DP within region and global, particularly relevant to the Transport Sector.
• Ensure InfoSec & DP controls are designed appropriately and reviewed regularly, to ensure information security and data protection standards are maintained in-line with changes to IT Systems.
• Support APEC RISO on Regional and Global ISDP activities and initiatives, as required.

Requirements Educational Qualifications:  Bachelor Degree in information security, computer science or a similar field.  Professional Certification: Possessed CISSP or CISM certification (in good standing):  Additional preferred certifications: CISA/CRISC/CGEIT/ISO27001/International Association of Privacy Professionals (IAPP) certifications such as CIPP/E, CIPP/US and/or CIPM Expected years of experience (Minimum):

• Min. 6 years in dedicated information security, risk, and privacy and compliance role.
• Solid experience in evaluating cybersecurity controls and providing guidance to remediate issues
• Technical experience and competency in two or more of below areas:

- Security Program Management - Governance Risk and Compliance - Security Monitoring and Incident Response - Professional Services (Security toolset design/implementation)

• Good knowledge of technologies related to Network and Computing Security is a MUST
• Good knowledge of country’s laws, rules and regulations on information security, data protection and privacy

Benefits

• Regular Office Work Days & Office Hrs
• Award Winning @ #1 Great Workplace in Asia