Information Security

Job Description

Purpose and Background- To support the Regional Information Security Officer in all matters relating to Information Security, Technology Risk, Data Privacy, Operational Resilience and Third Party Risk Management working closely with regional and in country teams, as well as head office based colleagues in Security, Privacy & Resilience.- To assist in ensuring the APAC business proactively manages security risks in line with risk appetite and operates in a way that complies with the requirements of the relevant regulations and legislations.- To act as a point of contact for our business in APAC on security matters and maintain a productive working relationship with the wider business.

This role reports into the Head of Technology, Security Resilience & Third Party Governance, APAC.

Roles and Responsibilities- Support regional businesses and teams in the matters of Information Security, Technology Risk, Data Privacy, Operational Resilience and Third Party Risk Management for activity relating to project, regulatory liaison or assessment, client reporting as well as supporting ongoing business operations.- Review, assess and interpret in country regulations and legislation in relation to the remit of Security, Resilience, and Protection.- Assist in the oversight the region and countries’ risk and compliance position in relation to Security, Resilience, and Protection and report regularly on plans, key risks and issues.- Prepare new initiatives, projects, or material business / IT changes support the preparation of security risk assessments and data privacy impact assessments.- Support the delivery of security related education and awareness for colleagues across APAC.- Recommend improvements in practices, processes and capabilities to ensure that the business operates to the required standards and within risk appetite.- Prepare regular reporting on regional status of topics on Security, Resilience, and Protection.- Coordinate and respond in the event of security/privacy incidents.- Engage the business stakeholders directly on Security, Resilience, and Protection related projects.

Key Skills, Qualifications & Experience

Essential:
- 2-3 years on Information Security, Technology Risk, Data Privacy, Operational Resilience and Third Party Risk Management related experience in a similar or related role.- Previous experience and knowledge of regulatory compliance topics preferred.- Recognized professional information security qualification preferred, such as CISA or CISSP.- Knowledge of control and risk management processes. Ability to frame decisions in terms of risk. Ability to make risk judgements. Audit experience is desired.- Sound planning skills with high level of organization and discipline to meet specific targets and objectives.- Able to work with others in the organization and able to build relationships and trust.- Able to communicate effectively with others at all levels verbally and in writing and able to translate technical terms into business language.- Strong Microsoft Office skills.- Experience of working in a Financial Services, Investments or Asset Management or professional services environment preferred.- Ability to balance security with other factors or concern.- Experience in managing threats and risks in a complex environment and in particular balancing these against business requirements.- Research and interpretation including trend analysis; willingness to seek and understand the various security regulations and statutes.

We’re committed to providing an inclusive workplace where all forms of difference are valued and which is free from any form of unfair or unlawful treatment. We define diversity in its broadest sense - this includes but is not limited to our diversity of educational and professional backgrounds, experience, cognitive and neurodiversity, age, gender, gender identity, sexual orientation, disability, religion or belief and ethnicity and geographical provenance. We support a culture that values meritocracy, fairness and transparency and welcomes enquiries from everyone.