Manager, Information Security

7 months ago


Singapore, Singapore · Marriott International · Full time

JOB SUMMARY

The candidate will be responsible for governing vendor security risk management and cyber risk management for Asia Pacific excluding China, including conducting risk assessments and periodic re-assessments, performing application security testing and providing remediation options, and evaluations. He/She will also assist in managing relationships with Service Providers who are responsible for the actual delivery of services, managing outcomes and results, and collaborating with stakeholders across IT and business departments to develop strategies for securing company information and assets. Shares responsibility for planning, directing, and coordinating compliance activities pertaining to technology projects for a given business unit. Verifies that project goals are accomplished and in line with business objectives.

The candidate will also work with other peers to coordinate, articulate, and track actions related to developing and driving the implementation of cybersecurity risk management plans for Asia Pacific, ensuring effective cyber security risk management practices, and engaging with business unit members on a wide range of cyber security matters to achieve overall business objectives.

The candidate will also be responsible for supporting the overall Asia Pacific security program including security policy, procedures, and standards, ensuring Marriott IT documents are compliant with Marriott security policies and procedures, and reviewing documents for accuracy and completeness.

Excellent communication skills are required to communicate effectively (verbally and in writing) across all levels within the organization.

CANDIDATE PROFILE

Education and Experience

Required:

  • Bachelor’s degree in information systems or related field or equivalent experience/certification
  • 5+ years security governance, risk management and compliance related experience with 2+ years direct work experience in third-party security Risk Management
  • Fluent in English
  • One or more current information security certifications such as Certified in Risk and Information Systems Controls (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP)

Candidate Attributes:

  • Possession of good communication skills (including soft skills, structured thinking, effective report writing and presentations, and stakeholder engagement)
  • A team player, with positive attitude and enthusiasm in the performance of responsibilities
  • Strong innovative thinking, able to continuously enrich and improve the security policy, procedure and standards

Preferred:

  • A security certification such as GWAPT, GPEN, AWS Associate Architect, AWS Professional Architect, PCI experience
  • Technical knowledge in one or more of the following areas is required: Application Security, Operating System security (UNIX, Windows, Mainframe), and network security (routers, switches, firewalls)
  • Technical leadership experience in an outsourced environment
  • Excellent communication skills and problem-solving ability
  • Experience conducting and maintaining vendor risk assessments
  • Experience with reviewing and assessing security controls of Cloud service providers
  • Proficient with assessing a multi-tiered system architecture (Web Server, App Server & Database)
  • Knowledge of OWASP Top 10 and SANS 25
  • Working knowledge of the infrastructure and application scanning tools (such as Retina, Nessus, IBM AppScan, HP WebInspect, Fortify on Demand, Qualys)
  • Manual Web Application Testing experience
  • Familiarity with ISO27001 and PCI DSS Standards

CORE WORK ACTIVITIES

Vendor Risk Management & Cyber Risk Management

  • Oversee, evaluate, and support the documentation and validation processes necessary to assure that associates, information technology systems and business processes meet the organization’s information assurance, security, and privacy requirements.
  • Ensure appropriate treatment of risk, compliance, and assurance of internal policies and external regulations.
  • Develop strategy for the vendor information security risk compliance program.
  • Perform security controls assessments of third-party providers: assess security architecture and adherence to the requirements, conduct application scanning and results validation.
  • Document controls gap analysis and risk assessment of the third-party providers.
  • Review controls exception requests and make risk-based approval decisions.
  • Lead, participate in or perform various infrastructure compliance initiatives and projects.
  • Perform Application Security Testing using Nessus, IBM AppScan, HP WebInspect, Fortify on Demand, Qualys, Burp, or Retina.
  • Conduct validation of findings discovered during the scans.
  • Monitor compliance to applicable security policies and standards and report related risk issues.
  • Manage and administer processes and tools that enable the organization to identify, document, and track third party risks and compliance exceptions.
  • Conduct assessments of threats and vulnerabilities, determine deviations from acceptable configurations or enterprise or local policy, assess the level of risk, and develop and/or recommend and operationalize appropriate mitigation countermeasures.
  • Provide sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain.
  • Advocate policy changes and make a case on behalf of the company via a wide range of written and oral work products.

Managing Projects and Priorities

  • Champions leaders’ vision for product and service delivery.
  • Thinks creatively and practically to develop, execute, and implement new project plans.
  • Generates and provides accurate and timely results in the form of reports, presentations, etc.
  • Plans, develops, implements, and evaluates the quality of operations.
  • Supports regulator inspections, coordinates submission preparation, and tracks remediations.
  • Supports cyber regulation awareness program catering to various roles in the entity.

Delivering on the Needs of Key Stakeholders

  • Understands and meets the needs of key stakeholders.
  • Communicates concepts in a clear and persuasive manner that is easy to understand.
  • Demonstrates an understanding of business priorities.
  • Supports achievement of performance goals, budget goals, team goals, etc.
  • Generates and provides accurate and timely results in the form of reports, presentations, etc.

Providing Technical Support and Consultation

  • Provides recommendations to improve the effectiveness of processes and programs.
  • Demonstrates advanced knowledge of job-relevant issues, products, systems, and processes.
  • Demonstrates advanced knowledge of function-specific procedures.
  • Applies knowledge/judgment to achieve business goals.
  • Foresees, identifies, and resolves problems.
  • Keeps up-to-date technically and applies new knowledge to job.
  • Performs other reasonable duties as required for this position.

Marriott International is an equal opportunity employer. We believe in hiring a diverse workforce and sustaining an inclusive, people-first culture. We are committed to non-discrimination on any protected basis, such as disability and veteran status, or any other basis covered under applicable law.

