Regional CISO, APAC

Overview

The Liberty International Insurance (LII) APAC Regional Chief Information Security Officer (CISO) is responsible for providing leadership and strategic alignment to global enterprise security policies and initiatives, whilst enabling the regional and country business goals and initiatives to achieve competitive advantage. The CISO collaborates with a wide variety of stakeholders across the globe and the broader organisation (Tech and non-Tech) to direct the overall planning and execution of enterprise and regional security related initiatives, as well as ensuring security-related BAU activities are executed to a high level of service standards and efficiency. The CISO champions a flexible, highly adaptable and secure operating environment that is responsive to the evolving threat landscape who also focuses on building and maintaining the digital trust. The CISO is expected to be a master communicator who is confident but humble, and capable of speaking effectively with all levels within and outside the organisation. The ideal CISO is a person who focuses on building a synergistic team across the region to collaborate effectively whilst enabling the team to support local market specific needs. The CISO must have a strong technical background and fully understands threats, risk mitigation and technical controls. Last but not least, the CISO assumes accountability for the daily tactical operations and overall strategic execution of the team under their leadership.

The CISO reports to the Head of Technology Risk and Cybersecurity for LII APAC and Global Risk Solutions (GRS) Business Information Security Officer (BISO).

The Regional CISO sits within the broader Technology Risk Governance and Cybersecurity Team. The team serves as the guardians of Liberty Mutual’s organization and customer data. As a team dedicated to enable the business, this role and the team support the delivery of digital transformation and resulting capabilities whilst aligning with corporate security policies and standards. The team champions the design and delivery of a modern tech risk and control testing framework that mitigates and monitors potential risks.

• By bringing together the security team across the region, develop and execute a set of regional security goals and roadmap that aligns to global policies and standards to effectively secure and enable the regional business to achieve its strategic objectives, build digital trust with our customer, partner and employee and attain competitive advantage.
• Work with regional Risk and Compliance teams to ensure compliance with regulatory requirements across the region. Identify synergies across the region and the globe as part of the exercise.
• Work with regional and country leadership teams to prioritize and execute remediation effort based on severity and impact of gaps identified. Establish a security maturity model that is tracked and adaptable to necessary changes.
• Engage and collaborate with a wide group of stakeholders, including but not limited to Global Risk Solutions (GRS) BISO team, Global Cyber Security (GCS) teams, Liberty International Insurance (LII) teams, LII APAC Regional Tech Leadership including Tech Risk, Country tech Leadership, as well as department/functional leaders, Risks, Compliance, Legal and Privacy teams across the globe.
• As key conduit for Global-region-country communications, empower country-level security leadership and encourage open communication with the goal of operating as “one team”. Drive learnings and standardization where practical and relevant.
• Work with Global/regional/country teams to define clear RACI on key security initiatives, processes, risks and controls.
• Lead or play a key role in major incidents, disaster recovery and business continuity events to minimize business and customer impact. Ensure lessons learnt are always conducted and applied to foster continuous improvement.
• Drive a strong security culture across the region through different communication channels and on-going training/awareness program with a view to safeguard virtual and physical information assets.
• Influence internal and external constituents, and relays best practice recommendations based on the evolving threat landscape to protect intellectual property and ensure compliance.
• Define regional or monitor globally defined key performance indicators (KPIs) and metrics that align with business initiatives and deliver them to non-technical individuals in an effective, understandable manner.
• Identify and develop business case on opportunities for security technology advancement to establish highly effective solutions designed to prevent and detect advanced threats to the company networks and systems.
• Report regularly to senior management and/or boards, keeping them abreast of the threat landscape and the tactical controls and strategic plans to achieve success.
• Make process improvements and leverage global capabilities to allow for effective automation and orchestration to maximize team talent and streamline routine tasks.
• As an empathetic leader, respect and work with team members and staff from a diverse background and geographical location. Mentors the security team and places a heavy emphasis on employee retention – is a people-first leader.
• Engage and manage third party relationships where required and ensure return on investment.
• Work with relevant teams including business leaders, Legal, Compliance, Privacy, Risk and Procurement to ensure Third- and Forth-party security management practices are in place as part of onboarding as well as on-going monitoring.
• Work with business units towards defined standard on responsible use of artificial intelligence (AI) and machine learning (ML).
• Optimizes and secures cloud infrastructure and applications required to support a dispersed remote workforce.

• Bachelor's degree in Computer Science, Information Assurance, MIS or related field, or equivalent. MBA or Master’s degree in Information Assurance / Technology is preferred.
• Preferably 10-15+ years’ management experience, with 5-8+ years’ technical hands-on security, audit and risk management practitioner experience.
• At least 5 years’ experience working with business leaders holding fiscal responsibilities.
• CISSP (highly recommended); CISM (preferred) and/or SANS certification a plus.
• Strong written and oral communication skills across varying levels of the organization.
• Understanding of service design, delivery concepts and control frameworks.
• Solid organizational skills and the ability to multi-task, prioritize workloads and delegate responsibilities.
• Proven ability to receive security team recommendations and act assertively to support objectives.
• Effective stress management in a constantly changing environment.
• Highly focused on building and implementing a strong, cohesive team and security culture.
• Excellent judgment and the ability to make quick decisions when working in complex situations.
• Forward thinking with strong business acumen and flexibility.
• Ability to motivate the team to achieve excellence and give credit where it is due.
• High degree of integrity, trustworthiness and confidence; represents the company and its management team with the highest level of professionalism.
• Ability to work effectively with a variety of personalities and adapt to effectively reach and develop the team. Uses this skill as well as functional knowledge to both earn and maintain a high level of credibility with the team.
• Strong believer in enhancing employee skills and promoting training, use of cyber range skill improvement, and breach and attack simulation (BAS) solutions.
• Requires periodic awareness training for company employees on information security topics and allocates security budget to train technical staff members.
• Openly supports the organization, the management team and executive leadership team, even during times of adversity.
• Leads security-related projects from inception to successful completion and is capable of effectively coaching technology staff on appropriate security protocols and needs as they implement new technology into the organization.