Senior Manager, Governance, Risk

**Job Number** 23191088

**Job Category** Information Technology

**Location** Singapore Regional Office, 2 Harbourfront Place #06-08, Singapore, Singapore, Singapore VIEW ON MAP

**Schedule** Full-Time

**Located Remotely?** N

**Relocation?** N

**Position Type** Management
**JOB SUMMARY**:
The APEC security GRC senior manager is a Singapore-based position that is part of APAC GIS team and focuses on security governance, risk and compliance matters for APEC region. This role is as a core member of the GRC team that will mature the Company’s cyber regulation compliance posture and ensure the day-to-day compliance for APEC by collaborating within information security team and the broader business disciplines, such as IT, Digital, Legal, Government Affairs, etc.

**CANDIDATE PROFILE**

**Education and Experience**
**Required**:

- 7+ years progressive experience in related fields such as information security, cyber regulation compliance, IT audit etc. That also includes direct experience with:

- security tooling for logging, monitoring, alerting, and reporting (e.g. Splunk)
- vulnerability management tools (e.g. Tenable.io)
- database security (e.g. MySQL, SQL Server)
- mainstream security products (e.g. Firewall, IDS/IPS, EPP/AV, SWG)
- main APEC counties cloud/infrastructure and operation systems security domains (e.g. Unix/Linux, Windows)
- Must possess English Language proficiency (reading/writing/speaking. Bi/multi-lingual skills

**Additional Preferred skills and experience**:

- Familiarity with security management of mainstream cloud platforms, such as Alicloud, Tencent, AWS etc
- Familiarity with main APEC counties including Australia, Japan, Korea and India Cyber Security laws and data protection requirements
- Bi/multi-lingual skills
- Experience in leading or participating in cyber incident response events
- Industry certifications such as CISSP, PCI ISA, CISA, CISM etc.
- Knowledge of hospitality culture

**Key Stakeholders**
- Singapore Security Center
- Continent Information Security Partnership
- APEC IT leaders
- Hotel IT associates
- Global Information Security
- APAC Digital team
- APAC Legal team
- Other roles involved in data and system protection

**CORE WORK ACTIVITIES**

**Managing Projects and Priorities**
- Responsible for cyber regulation internal assessments and risk management based on APEC countries security law, data protection regulatory requirements etc.
- Partners with continent information security partnership team and cyber fusion center to maintain cyber regulation compliance monitoring mechanism for APEC countries
- Manages and monitors the IT risk posture for hotel IT environment, cloud data platforms, web security, and digital channels
- Coordinates or performs remediation activities identified from internal and external cyber regulation assessments
- Performs regular cyber compliance metric reporting and monitor key risk indicators
- Supports cyber incident response management by localizing the global incident response process to fit with regional purpose and coordinate simulations
- Supports regulator inspections, coordinates submission preparation, and tracks remediations
- Implements cyber regulation awareness program catering various roles in the entity
- Monitors cyber threats, analyzes key risks related to cyber regulations, and defines solutions with wider IT and Security teams
- Monitors compliance controls over key IT assets on daily basis.
- Perform regular Security Risk Assessment including 3rd Party risk assessment and review

**Maintaining Goals**
- Submits reports in a timely manner, ensuring delivery deadlines are met.
- Promotes the documenting of project progress accurately.
- Provides input and assistance to other teams regarding projects.

**Managing Work, Projects, and Policies**
- Manages and implements work and projects as assigned.
- Generates and provides accurate and timely results in the form of reports, presentations, etc.
- Analyzes information and evaluates results to choose the best solution and solve problems.
- Provides timely, accurate, and detailed status reports as requested.
- Provides technical expertise and support to persons inside and outside of the department.
- Demonstrates knowledge of job-relevant issues, products, systems, and processes.
- Demonstrates knowledge of function-specific procedures.
- Keeps up-to-date technically and applies new knowledge to job.
- Uses computers and computer systems (including hardware and software) to enter data and/ or process information.

**Delivering on the Needs of Key Stakeholders**
- Understands and meets the needs of key stakeholders.
- Develops specific goals and plans to prioritize, organize, and accomplish work.
- Determines priorities, schedules, plans and necessary resources to ensure completion of any projects on schedule.
- Collaborates with internal partners and stakeholders to support business/initiative strategies
- Communicates concepts in a clear and persuasive manner th