Chief Information Security Officer, APAC

Chief Information Security Officer, APAC

Responsibilities:

• By bringing together the security team across the region, develop and execute a set of regional security goals and roadmap that aligns to global policies and standards to effectively secure and enable the regional business to achieve its strategic objectives, build digital trust with our customers, partners and employees, and attain competitive advantage.
• Work with regional Risk and Compliance teams to ensure compliance with regulatory requirements across the region. Identify synergies across the region and the globe as part of the exercise.
• Work with regional and country leadership teams to prioritize and execute remediation efforts based on severity and impact of gaps identified. Establish a security maturity model that is tracked and adaptable to necessary changes.
• Engage and collaborate with a wide group of stakeholders, including but not limited to Global Risk Solutions (GRS) BISO teams, Global Cyber Security (GCS) teams, Liberty International Insurance (LII) teams, LII APAC Regional Tech Leadership including Tech Risk, Country tech Leadership, as well as department/functional leaders, Risks, Compliance, Legal and Privacy teams across the globe.
• As key conduit for Global-region-country communications, empower country-level security leadership and encourage open communication with the goal of operating as “one team”. Drive learnings and standardization where practical and relevant.
• Work with Global/regional/country teams to define clear RACI on key security initiatives, processes, risks and controls.
• Lead or play a key role in major incidents, disaster recovery and business continuity events to minimize business and customer impact. Ensure lessons learnt are always conducted and applied to foster continuous improvement.
• Drive a strong security culture across the region through different communication channels and on-going training/awareness program with a view to safeguard virtual and physical information assets.
• Influence internal and external constituents, and relays best practice recommendations based on the evolving threat landscape to protect intellectual property and ensure compliance.
• Define regional or monitor globally defined key performance indicators (KPIs) and metrics that align with business initiatives and deliver them to non-technical individuals in an effective, understandable manner.
• Identify and develop business case on opportunities for security technology advancement to establish highly effective solutions designed to prevent and detect advanced threats to the company networks and systems.
• Report regularly to senior management and/or boards, keeping them abreast of the threat landscape and the tactical controls and strategic plans to achieve success.
• Make process improvements and leverage global capabilities to allow for effective automation and orchestration to maximize team talent and streamline routine tasks.
• As an empathetic leader, respect and work with team members and staff from diverse backgrounds and geographical locations. Mentors the security team and places a heavy emphasis on employee retention – is a people-first leader.
• Engage and manage third party relationships where required and ensure return on investment.
• Work with relevant teams including business leaders, Legal, Compliance, Privacy, Risk and Procurement to ensure Third- and Forth-party security management practices are in place as part of onboarding as well as on-going monitoring.
• Work with business units towards defined standards on responsible use of artificial intelligence (AI) and machine learning (ML).
• Optimizes and secures cloud infrastructure and applications required to support a dispersed remote workforce.

Experience & Qualifications:

• Bachelor's degree in computer science, information assurance, MIS or related field, or equivalent. Advanced degree not required, but an MBA or master’s degree in information assurance/technology is preferred.
• CISSP (highly recommended); CISM (preferred) and/or SANS certification a plus.
• Preferably 10-15+ years’ management experience, with 5-8+ years’ technical hands-on security, audit and risk management practitioner experience.
• At least 5 years’ experience working with business leaders holding fiscal responsibilities.
• Strong written and oral communication skills across varying levels of the organization.
• Understanding of service design, delivery concepts and control frameworks.
• Solid organizational skills and the ability to multi-task, prioritize workloads and delegate responsibilities.
• Proven ability to receive security team recommendations and act assertively to support objectives.
• Effective stress management in a constantly changing environment.
• Highly focused on building and implementing a strong, cohesive team and security culture.
• Excellent judgment and the ability to make quick decisions when working with complex situations.
• Forward thinking with strong business acumen and flexibility.
• Ability to motivate the team to achieve excellence and give credit where it is due.
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
• Ability to work effectively with a variety of personalities and adapt to effectively reach and develop the team. Uses this skill as well as functional knowledge to both earn and maintain a high level of credibility with the team.
• Strong believer in enhancing employee skills and promoting training, use of cyber range skill improvement, and breach and attack simulation (BAS) solutions.
• Requires periodic awareness training for company employees on information security topics and allocates security budget to train technical staff members.
• Openly supports the organization, the management team and executive leadership team, even during times of adversity.
• Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.