Chief Information Security Officer/ Director

**About us**

LawNet Technology Services (LTS) is the technology company behind LawNet, Singapore’s leading portal for legal research, information and transactions. An indispensable tool for the legal community since 1990, LawNet is subscribed by a majority of Singapore lawyers and is also accessible by anyone outside the profession. Users can conduct research on Singapore primary legal materials (Singapore Law Reports, unreported judgments and legislation) and secondary materials (such as Parliamentary reports, legal news, textbooks and journals). LawNet continues to enhance its services and content while maintaining its affordable and highly competitive subscription rates, making it an essential resource for the legal community.

LTS is a wholly owned subsidiary of the Singapore Academy of Law (SAL), a promotion and development agency for Singapore’s legal industry. In addition to running LawNet, LTS manages the technology driving SAL’s support services for Singapore’s legal industry and statutory functions such as stakeholding services and appointment of Senior Counsel, Commissioners for Oaths and Notaries Public.

Led by a Board of Directors who understands both the capabilities of technology and the needs of the legal profession, LTS continues to develop bold and innovative products and services that will better serve the needs of the legal community.

**About this role**:
We are seeking an experienced technology security & risk management professional to serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organisation's information security and IT risk management policies. The role requires a hands-on approach in working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security and IT risk management program to ensure that information assets are adequately protected.

**Responsibilities**:

- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
- Work directly with the business units to facilitate risk assessment and risk management processes.
- Develop and enhance an information security management framework.
- Provide leadership to the enterprise's information security organization
- Partner with business stakeholders across the company to raise awareness of risk management concerns.
- Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.

**Key Objectives**:
Lead the development, implementation and operation of policies, standards, practices, procedures and systems that govern the Management, Security and Privacy of IT assets in SAL Group.
- Set a Risk and Governance Framework for managing IT assets to support growth and compliance in SAL Group.
- Define roles and responsibilities related to IT risk and governance, ensuring clear accountabilities across the organisation.
- Define data classification for policy driven handling of SAL and customer data.
- Ensure smooth implementation and training of the Framework across all Business Units.
- Educate the business users on key data governance processes and foster a culture of accountability across the business to properly manage IT assets.
- Maintain IT Risk Register that dovetail with SAL’s Enterprise Risk Management(“ERM”).
- Ongoing monitoring of IT risk and governance compliance to through control audits.
- Develop and maintain an up-to-date list of all IT assets in SAL Group, each with a detailed risk profile and a roadmap to mitigate identified risks.
- Implement mitigation measures for identified risks in accordance with prioritisation agreed with the Reporting Officer.
- Lead the investigation, resolution, prevention, and closure of realised risk and incidents.
- Provide leadership within the information security sphere through development of cyber security strategies and action plans.
- Formulate information security goals and establish policies, standards and procedures in line with cyber security directions of the SAL group as a whole.
- Provide advisory on the appropriate cyber security solutions and technologies to be deployed.

**Skills and Qualifications**
- Degree in a technology-related field required.
- Minimum of 6 years of experience in a combination of risk management, information security and IT jobs.
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
- Excellent written and verbal communication skills and high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Experience with contract and vendor negotiations and management including managed services.
- Experi