Information Security Specialist

NTT is a leading global IT solutions and services organisation that brings together people, data and things to create a better and more sustainable future.

In todayâs âiNTTerconnectedâ world, connections matter more now than ever. By bringing together talented people, world-class technology partners and emerging innovators, we help our clients solve some of the worldâs most significant technological, business and societal challenges.

With people at the heart of our success, NTT is committed to attracting and growing the best talent and providing an environment where everyone feels they can belong and their contribution matters.

Your career here is about believing in yourself, and taking on great opportunities and new challenges.Itâs about growing your skills and expertise in your current role and preparing yourself for the future.  Thatâs why we encourage you to take every opportunity to grow your career within our great global team.

Are you ready to take the next step in your career?

- Support the regional Global Data Centers (âGDCâ) organisationâs Info Security and Business Continuity governance, risk management, compliance, internal audit, external audits & certification management activity across the APAC GDC countries.
- Support the Director of GRC & GDC APAC Management in the implementation, maintenance, monitoring & reporting of the Global Data Center organisationâs Info Security and Business Continuity management systems and activities across APAC countries.
- Support, maintain and monitor all relevant data center certifications & external audits (Example: ISO27001, PCIDSS etc) across APAC GDC countries.
- Coordinates, develops, monitors, and implements emergency preparation plans with organization leadership or their designees; providing response, recovery, and tactical plans to resume business operations following a business interruption, cyber-risk exposure, or disaster.
- Analyzes company-wide initiatives/contingency plans to ensure the stability of critical business functions and enterprise systems within a specific time frame and to minimize loss and financial risk.

What you'll be doing

Information Security Governance Risk Compliance

• Support implementation, maintenance & administration of the Global Data Centersâ Information Security governance, risk, compliance, & info security management systems & standards, policies and procedures across the APAC region
• Perform Information Security Risk management including risk assessment, monitoring, review, consolidation and reporting.
• Lead Information Security Incident management & reporting within the region
• Support regular InfoSec key metrics monitoring, consolidation and management reporting
• Keep up-to-date with the development in local regulations or standards and assess the impact of such changes within the industry.
• Support APAC region Global Data Center business units to effectively establish and maintain a framework of governance and risk controls, policies and compliance processes to manage risk across the organisation.
• Identify and highlight critical risk & compliance areas where immediate action is needed
• To promote and improve the understanding of company compliance policies and proactively advocate and foster a strong compliance culture and awareness through training and internal promotion.
• Conduct investigation, inspection, and audit activities to ensure compliance to company policies and procedures, to investigate alleged violations where required.
• Plan, promote, and organise training activities related to GRC matters.
• Support & participate in various cross-scope GRC, ISMS, audit activities and projects.

Info Security Internal Audits

• Conduct Info security / BCM internal audits to review and evaluate the adequacy, effectiveness and efficiency of the organisationâs risk management, internal controls & governance processes, policies & procedures; and recommend corrective actions to improve operations, enhance internal controls and reduce controls risk and costs where possible.
• Support cross scope internal audit engagements (IT & non-IT) and compliance review/investigations.

Business Continuity Management

• Support developing, maintenance, testing, and documentation of business continuity policy and plans; identify and test recovery strategies; address and mitigate gaps that impact business continuity and recovery.
• Develop and maintain documentation pertaining to business continuity policies, procedures and standards within the relevant framework.
• Develop and document tactical business continuity and disaster recovery plans.
• Develop and implement disaster recovery test plans.
• Works with line management to design and test Business Continuity & Disaster Recovery Plans (BCP/DRP).
• Disseminates recovery strategies and continuity policies/procedures across assigned organizations.
• May act as point-person for response to events during a crisis.
• Supports initiatives preparing the organization to react effectively to business disruption caused by unforeseen circumstances.
• Perform ongoing risk analysis of existing disaster recovery plans and provide feedback and recommend risk mitigation and service improvement.
• Carry out ongoing validation of operational compliance with existing disaster recovery and business continuity planning.
• Assists with or own the execution of the business continuity and disaster recovery plan(s).
• Carries out risk assessment within a defined functional or technical area of business.
• Implements the planning, designing, testing of maintenance procedures and contingency plans to address exposure to risk and ensure that agreed levels of continuity are maintained.
• Works with all functional business areas to develop business continuity plans, identify gaps, set recovery time objectives.
• Assess business impacts, and propose measures for mitigation.
• Implements trial runs and execution of business continuity stages according to the defined schedule, ensuring complete documentation of trial runs and execution outcome to meet audit compliance.
• Executes business continuity plans, provides expertise and support business functional areas, reports execution status, and provides visibility to stakeholders on critical business functions through structured communications.

#GlobalDataCentersCareers

What would make you a good fit for this role?

• Good degree in Info Security, Computing/Computer Science, or a related field
• 5 yearsâ experience preferably in or related to Information security management, IT operations, Business Continuity Management, Info Security GRC, Internal audit or and/or related functions (such as Info Security audit, Information Security governance and Info Security risk management).
• Demonstrable experience implementing business continuity and disaster recovery plans in a business continuity framework.
• Strong understanding and familiarity on Info Security GRC, risk management principles, internal controls and management systems, audit techniques and standards, Business continuity management framework.
• Experience in implementation of Information Security and Business Continuity management systems, framework, as well as operational expertise is preferred.
• Good technical knowledge on server, network and virtualization
• Relevant certification relating to Information Security will be an advantage.
• Good working knowledge on ISO27001/2 required.
• Expertise of technology auditing concepts with experience in audits of IT processes (such as information security, application development, IT governance), IT infrastructure (operating systems, databases and networks), change management and business continuity is a plus.
• Certification in any of the below areas or equivalent is preferred.
• Industry certifications relating to Information security (e.g. ISO27001 lead auditor)
• CISA, CISSP, CISM
• Business Continuity Certified Planner (BCCP), Certified Business Continuity practitioner (CBCP)
• Industry certification relating to business continuity (example: ISO 22301)
• Excellent written, communication and presentation skills, including ability to interpret management system standards, explain concepts such as compliance requirements, risks and audit findings to all levels of the organisation including ground operations and management level.
• Excellent analytical and critical thinking skills, including ability to assimilate new information, root cause analysis, make sound decisions and problem solve.
• Good team working and interpersonal skills, able to interface across all levels and functions, and dealing with multiple stakeholders.
• Ability to work in a regional role, managing multiple stakeholders across different working cultures (prior regional experience is a plus)
• Proven experience working cooperatively in a team environment with the ability to build collaborative relationships.
• Independent self-starter with strong facilitation and project management skills, including the ability to manage multiple tasks, attention to detail and effective organisational capability.
• Willingness to be hands-on, self-motivated and disciplined.
• Strong personal ethics and integrity values.

Join our growing global team and accelerate your career with us. Apply today.

A career at NTT means:

• Being part of a global pioneer â where you gain exposure to our Fortune 500 clients and world-leading global technology partners and work with a network of over 40,000 smart and diverse colleagues across 57 countries, delivering services in over 200 countries.

• Being at the forefront of cutting-edge technology â backed with a 150-year heritage of using technology for good. With 40% of the worldâs internet traffic running on our network and where Emoji were first invented, you can be proud of the groupâs many new âfirstsâ.

• Making a difference â by doing meaningful work that helps to shape the future for our clients, and across industries and communities around the world.

• Being your best self â in a progressive âConnected Workingâ environment that promotes flexibility, connection and wellbeing. Where diversity and different perspectives are embraced to ensure equal opportunities for all.

• Having ongoing opportunities to own and develop your career â with a personal and professional development plan and access to the broadest learning offerings in the industry.

---