Job scope:
• Take responsibility for executing the measures as defined in the security framework in DPDHL Information Security Target Model (ISTM) in the Asia Pacific region (APAC)
• Focus on information, business, and compliance risks related to Information Security
• Work closely with Regional Information Security Officer (RISO) in implementing the mandate for Information Security in APAC region
• Focus on securing critical business processes, applications, and IT systems through regular assessments conducted by internal or external partners; and coordinate resolution with product teams
• Assisting in vendor assessment from security perspective
• Consult as SME in assessment of new applications / projects being introduced to the APAC IT landscape
• Ensure that new information systems are developed securely, by actively consulting and guiding the team at all stages
• Performing research/analysis on software, tools and technologies relating to security that are used in the APAC region.
• Manage information security management processes, standards, and procedures to ensure control effectiveness and compliance
• Working with external Security Service Providers to ensure the cloud environment used by the APAC region is effectively secured and compliant against DPDHL group wide ISTM
• Communicate the status own area of responsibility to the RISO and management team
• Support RISO in conducting regular review of security exemptions active for applications being developed in region
• Support RISO in security awareness related activities in APAC
Requirements:
• At least 4 years of experience in Information Security, with good exposure to Governance, Risk Management and Compliance (GRC)
• Sound knowledge in most of the following aspects - Secured Application and System Development, Cloud security, security project management
• Familiarity in following aspects is advantageous - Business Continuity, Disaster Recovery, Security Operations, Incident Management
• Ability to work in a regional setup, with remote stakeholders
• Passionate in the information security domain and activity seeking greater exposure
• Self-starter mindset and able to deliver results with minimal supervision
• Ability to collaborate with multiple stakeholders from different regions or divisions