Executive, Regional Cybersecurity

**Key Job Purpose**:
The Regional Cybersecurity Executive (RCE) is responsible to support the Head of Cybersecurity (HOD) in the overall Computer Security Incident Response Team (CSIRT) and Product Security Incident Response Team (PSIRT) operations in the Asia Pacific region, inclusive of, but not limited to, performing cyber incident response management and cyber investigations, conducting awareness training and education, supporting the Company’s cyber compliances, and providing Cybersecurity guidance and expertise to both business operations and the Regional/Local IT teams.

The RCE is responsible to support the HOD to safeguard patient safety and protect Company interest through the formation, adoption, operationalisation and regular review and compliance of the end-to-end framework, policies, procedures and initiatives relating to the cybersecurity and data govenance aspects of the “internet of medical things” or medical devices products and services in the Asia Pacific region.

The RCE is responsible to contribute, lead, drive and manage new global/regional/local cybersecurity program or project initiatives from conceptualisation to post-implementation operations to ensure successful cybersecurity modernisation efforts of the Company.

The RCE needs to work effectively with internal and external expertise in planning and delivery, and in executing assessments, improvements and roadmaps.

**Responsibilities**:
**Lead, Drive and Manage CSIRT and PSIRT Operations for Asia Pacific**
- Lead, drive and manage the overall Cybersecurity lifecycle implementations and operations.
- Develop security design and review processes.
- Develop cybersecurity roadmap for security controls for data centre, cloud environment, and company products and services in Asia Pacific.
- Effectively manage the cybersecurity roadmap based on approved Strategic goals, prioritising across tactical and strategic goals, and align business needs and technical priorities.
- Develop and maintain cybersecurity architecture, policies, standards and frameworks.
- Be an advisor and influence internal stakeholders in supporting cyber transformation.
- Work with stakeholders to ensure compliance to Cybersecurity policies and standards, including monitoring of compliance to the Group/Region/Local and Regulatory standards.
- Work with development teams on the management of security threats.
- Collaborate with various internal company teams such as product and services R&D, marketing and customer services teams to prepare the product security documentation.
- Manage cybersecurity incident response process, including but not limited to, investigation, incident triage, impact assessment, resolution proposal, incident communication, and liaison with external security providers and forensic providers.
- Identify cybersecurity risks from internal systems and material vendors impacting the confidentiality, integrity and availability of the Company, perform threat assessments of identified vulnerabilities and define solutions to improve the cybersecurity posture to protect the Company’s assets and its ability to perform its mission and objectives.
- Lead the local/regional business units, global stakeholders and external expertise to ensure security compliance to local regulatory requirements.
- Work with stakeholders to align and comply to the Group/Region Cybersecurity policies, standards and framework.
- Communicate, implement, localise and execute implementations of security solutions or projects/programs required to meet business objectives.
- Develop effective stakeholder relationships across the region and with stakeholders from various levels of the Company.
- Deliver expert level security advisory to internal stakeholders to secure security investments.
- Communicate effectively and perform presentations to senior stakeholders on project progress and resolve issues efficiently.
- Utilise and suggest improvements to the business, information and technical improvement to enhance the security posture of the Company and its products and services.
- Identify tools, solutions, processes, frameworks and standards to improve overall cybersecurity posture.
- Manage internal resources and external vendors or expertise effectively to achieve the success of the assigned cybersecurity projects and/or change requests in the region.
- Prepare and present CAPEX and OPEX budget for cybersecurity projects and operations in the region.
- Provide timely management reporting to relevant Regional/Group Cyber Management Committee.
- Other duties as assigned by the HOD.

**Requirements**:

- **Tertiary Education in any discipline, preferably in Cybersecurity, Computeer Science, Computer Technology, medical or healthcare-related degree **(or equivalent proven knowledge with work experience in cybersecurity domain)
- **Recent 5-7 years of working experience in medical or healthcare-related field, or in IT and/or Product Cybersecurity experience** in a demanding, a