Assistant Manager, Regional Cybersecurity

The Assistant Manager, Regional Cybersecurity (AMRC) is the primary in-house expertise in Asia Pacific responsible in the formulation, implementation and on-going maintenance of Information Security Standards accreditation and certification programs in the Asia Pacific region, inclusive of, but not limited to, latest international ISO 27001 and ISO 81001 framework programs, privacy protection laws, and local Medical Device industry cybersecurity law enforcements.
The AMRC is responsible to support the HOD (Regional Information Security Manager) to safeguard patient safety and protect Company interest through the formation, adoption, operationalisation and regular review and compliance of Information Security framework, policies, procedures and initiatives relating to the cybersecurity and data govenance aspects of the "internet of medical things" or medical devices products and services in the Asia Pacific region.
Responsibilities
Strategise, Lead, Drive and Manage Cybersecurity ISO accreditation program for Asia Pacific
Lead, drive and manage all applicable Cybersecurity ISO implementations and re-certification operations.
Develop ISO security design, accredication framework, and review processes.
Perform gap assessment and develop ISO roadmap for accreditation and/or re-certification.
Develop policies, standards, procedures, and operational processes to meet the developed ISO roadmap.
Effectively manage the security ISO roadmap based on approved Strategic goals, prioritising across tactical and strategic goals, and align business needs and technical priorities.
Collaborate with Company CSIRT, PSIRT and Enterprise Risk Management teams to achieve the requirements of security ISO accreditation.
Deliver expert level security ISO advisory to internal stakeholders to secure ISO investments.
Establish and operationalise cybersecurity ISO compliance and recertification:
Work with global and regional stakeholders to align SOPs and QPs that achieve compliance to Group/Region Cybersecurity ISO program, policies, standards and framework.
Collaborate with various internal company teams such as Corporate IT, Business Applications, Product and Services R&D, Marketing and Customer services teams to achieve security ISO re-certifcations.
Provide timely management reporting to relevant Regional/Group Risk Management Committee.
Prepare and present CAPEX and OPEX budget for security ISO accreditation/re-accreditation and operations in the region.
Continuous improvements to cybersecurity stance of AP operation:
Establish continous improvements to Company's security ISO including but not limited to identifying new ISO standards that better support the Company's business objectives.
Establish continuous improvements to Company's cybersecurity monitoring.
Establish continuous improvements to Company's staff cybersecurity knowledge including but not limited to training and identify potential cybersecurity breaches.
Establish process to work with business stakeholders to continuously update SOPs and QPs to response to new risk areas and potential breaches.
Support business in response to Sysmex customers' cybersecurity requirements:
Review tender requirements of Sysmex customers' as provided by sales teams and:
Highlight areas of out of Sysmex controls
Highlight risk areas for Sysmex to consider countermeasures.
Bring highlighted risk areas and their respective countermeasures back into Sysmex cybersecurity stance and operation requirements.
Manage cybersecurity incidents response and resolution:
Supporting the Regional Information Security Manager, manage cybersecurity incidents response with close collaboration with cybersecurity experts, internal IT and vendors, to achieve on-target, and timely triage and resolution of cybersecurity incidents in the region, in accordance to global/regional policies.
Other duties as assigned by the HOD.
Requirements
Minimum Education Required :
Tertiary Education in any discipline, preferably in Cybersecurity, Computeer Science, Computer Technology, medical or healthcare-related degree
(or equivalent proven knowledge with work experience in cybersecurity domain)
Minimum experience required: Recent 8-15 years of working experience in Cybersecurity or ISO accreditation in medical or healthcare-related industry, with IT and/or Product Cybersecurity program or project experience
in a demanding, agile MNC environment with cyber management responsibilities.
Must Have:
At least 2 recent successful hands-on experience
in ISO 27001:2022, and/or ISO 81001 implementations ; and
at least 1 successful hands-on experience in re-certification
experience in ISO 27001 and/or ISO 81001 programs.
Skills and Knowledge required:
Sound experience in working in a regional MNC RHQ shared services environment.
Technically competent and have prior project/program implementation experiences in the Cybersecurity domain such as:
Expert knowledge in the latest ISO 27001, ISO 81001, and NIST Cybersecurity framework
Cybersecurity Strategy and Roadmap formulation
Cybersecurity Framework, Policies, SOP formulation and enforcement
Cybersecurity Program and Project Management
Cyber Risk Assessment and Governance Management
Cyber Incident Response Management
Cyber Awareness and Training
Cyber Vulnerability Assessment and Penetration Testing
Cyber Prevention
Technical Security of Enterprise Systems and Networks
Technical Security of Medical Devices
Experience in security domains in Data Centre design, Microsoft Azure, AWS and DevOps
Possesses high standards of professionalism, personal discipline and integrity.
Resourceful Self-starter.
Able to work independently and as a good team player with analytical, management and planning skills.
Proactive, dynamic and with good conceptual thinking and problem solving skills.
Continuous keeping abreast with latest ISO, Cybersecurity Technologies and other industry trends.
Strong adaptability with changes and willing to learn new domain areas of IT and Product Cybersecurity.
Professional/Technical Qualifications:
Must Have: CISSP, CISM, CCSP, CISA or other relevant industry professional cybersecurity certifications
Must Have: Project or Program Management Certification (PMP or PRINCE2)
Must Have: Formal training in ISO 27001:2022 and ISO or equivalent professional track records)
Travel Requirement:
Traveling to countries in Asia Pacific region is expected on a need and project basis
ALL APPLICATIONS WILL BE TREATED WITH THE STRICTEST CONFIDENTIALITY
We regret that only shortlisted candidates will be notified.
#J-18808-Ljbffr