Business Information Security Officer

**Who we’re looking for**

A specialist to provide technical and non-technical information security consultancy services to the Schroders business units and IT. Reporting to the Head of Information Security APAC, the role necessitates an ability to champion the security team to influence senior business representatives and to engage with internal stakeholders in all areas of technical and non-technical information security.

**About Schroders**

We’re a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.

We have around 4,000 people on six continents. And we’ve been around for over 200 years, but keep adapting as society and technology changes. What doesn’t change is our commitment to helping our clients, and society, prosper.

**The base**

This role will be based in Singapore

**The team**

The Schroders Global Information Security function ensures our business is able to operate safely in a dynamic threat and technological environment by effectively managing the risks to its information assets. To achieve this aim, the function contains teams responsible for Cyber Security, Insider Security, Information Risk Management, Technology Risk and the Information Security Change Programme.

**What you’ll do**

Information security:

- Provide advice and guidance on how to minimise the impact to the business of potential threats to the network, systems or information assets
- Liaise with potential or current partners and suppliers to the business and evaluate the information security levels of the company or products
- Assist and provide security advisory to business stakeholders, project managers and solution architects through the lifecycle of a project related to project and business change.
- Investigate the vulnerability of the business to potential malicious attacks and recommend defensive actions.
- Support the business in their reply to client’s request for proposal and review client contracts for reasonableness.
- Support and provide security advisory to the business in the engagement of third-party services by providing our security requirements that meet regulations, review security aspect of the service level agreement, and highlight any security risks in the course of the assessment.

Policy, Standards, Procedures and Guidelines:

- Ensure that information security policies are implemented, enforced, monitored and complied with and to ensure the business embraces a culture of Information Security.
- Develop and ensure data security procedures are approved that provide the more detailed steps that service areas need to adhere to in order to implement that data security policies.
- Drive ongoing improvements to the security consultancy, vendor risk management process and supporting tooling

Risk Management:

- Work with Enterprise and Infrastructure Solution Architects to advice on all Information Security Risks with regards to infrastructure, changes to processes or project implementations. To critique the high
- and low-level designs within projects. Working on all such projects throughout their lifecycle to ensure the business meets compliance and regulatory requirements
- Taking timely action resulting from any risk assessment recommendations. This may involve liaison with other departments, partners or suppliers. It is essential to keep the Head of Information Security APAC and the CISO informed if there are any issues of non-compliance
- Conduct periodic and new vendor risk assessment on behalf of our business to highlight the security risks to the business.

Keep abreast of data security trends:

- Be aware of and possible future trends in information security and take into account current business procedures, to define and develop procedures and policies for appropriate and secure use of the businesses IT systems.
- Adherence to standards, including ISO27001 and Information Technology, PCI-DSS and Infrastructure Library (ITIL)

**The knowledge, experience, and qualifications you’ll need**
- Minimum 2 years’ experience working on security technologies in an advisory or consulting role within financial industry or a large global organisation
- Experience in producing quality reporting and documentation.
- Experience in designing and reviewing IT and Security Architecture.
- Knowledge of IT networking and infrastructure.

**The knowledge, experience and qualifications that will be good to have**
- Certification in SABSA, NIST, COBIT or ISO27001
- Knowledge of Azure and Amazon Web Services Cloud technologies.

**We’re looking for the best, whoever they are**

Schroders is an equal opportunities employer. You’re welcome here whatever your sex, marital status, ethnic origin, sexual orientation, religious belief or age.

SIN01840

As above