Apac Information Security Consultant

**Job Title: APAC Information Security Consultant**

**Location: Singapore, Malaysia**

**The Opportunity**:
We are looking for an APAC Information Security Consultant, who is primarily responsible for supporting information security governance initiatives and activities across APAC business units.

**Key Responsibility**:
**Information Security governance**
- Maintain APAC’s regional Information Security, Risk and Compliance framework, and support Group in revising old or establishing new policies and standards
- Provide governance over and support APAC BISOs in the coordination of regional and local information security gap remediation
- Perform analysis to identify common themes and drive regional remediation activities
- Advise APAC BISOs and stakeholders in information security policy compliance requirements
- Provide advice, governance and support in information security policy exception and risk acceptance processes
- Work closely with the Group’s Information Security Governance (ISG) team and APAC BISOs to ensure global requirements are communicated to APAC stakeholders and APAC requirements are considered in global information security compliance projects
- Support Group’s ISG initiatives in the APAC region
- Provide support in APAC’s Information Security control assurance processes
- Work closely with the APAC Information Security Analytics & Reporting team in ensuring visibility via accurate security compliance metrics
- Identify and support opportunities for process simplification and automation initiatives.

**Information Security, Risk and Compliance Assessments**
- Support APAC BISOs in performing the following assessments using the Global standard approach:

- Cloud security assessments
- Third party vendor assessments
- Business / IT Application assessments (incl. pre & post implementation reviews, major changes)
- Regulatory assessments (e.g. local regulations, ISO27001, PCI DSS, SOC2, etc)
- Remediation action review, analysis and management and themed security reviews.
- Exception management and support continuous improvement of Global and Regional ISG processes

**Qualification, Skills & Experience**:

- University graduate of computer science, information technology/security or any other related disciplines.
- Minimum 6 years professional experience in information security or IT risk management, preferably in MNC environment or insurance industry.
- Certification of CISA, CRISC, CISSP or CISM is a must
- Experience or certification of PCI IA, ISO27001 is a plus.
- Big4 information security consulting and/or IT audit experience is an advantage.
- Excellent communication skills in English and ability to communicate security-related concepts to all levels of stakeholders
- Strong integrity and highly ethical
- Effective in influencing and persuasion
- Background in security/risk related topics and technologies
- Working knowledge of regulatory compliance drivers
- Good understanding of security concepts and architectures
- Good understanding of IT security and compliance controls
- General knowledge of regulatory requirements is a plus
- General knowledge of common security tools

**You are the heart & soul of Zurich**

At Zurich, we like to think outside the box and challenge the status quo. We take an optimistic approach by focusing on the positives and constantly asking What can go right?

People are Zurich’s most important asset. Their varied skills, perspectives and experiences drive innovation. And they reflect the breadth and diversity of our customers, suppliers, communities and investors around the world. We are committed to attracting and retaining talented individuals from a variety of backgrounds and experiences.

Let’s continue to grow together
- Location(s): Singapore or Malaysia
- Remote working: Hybrid Working Model
- Closing date: