Argyll Scott is helping a client look for a Head of IT Security/Infosec. This role will be responsible for developing, implementing and monitoring a strategic, comprehensive enterprise information security and IT risk management program.
Key Responsibilities
- Work directly with the business units to facilitate risk assessment and risk management processes
- Develop and enhance an information security management framework
- Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services
- Provide leadership to the enterprise's information security organization
- Partner with business stakeholders across the company to raise awareness of risk management concerns
- Assist with the overall business technology planning, providing current knowledge and a future vision of technology and systems
- Review investigations after breaches or incidents, including impact analysis and recommendations for avoiding similar vulnerabilities
- Maintain a current understanding of the IT threat landscape for the industry
- Ensure compliance with the changing laws and applicable regulations
- Translate that knowledge into the identification of risks and actionable plans to protect the business, and schedule periodic security audits
- Make sure that cyber security policies and procedures are communicated to all personnel and that compliance is enforced.
- Manage all teams, employees, contractors, and vendors involved in IT security, which may include hiring.
- Provide training and mentoring to security team members.
- Constantly update the cyber security strategy to leverage new technology and threat information.
- Brief the executive team on status and risks, including taking the role of champion for the overall strategy and necessary budget.
- Encourage employees in Tech and Non-tech to understand security best practices and risks in order to build secure platforms such as software, infrastructure, and processes.
Key Qualifications
- Bachelor's or Master's degree in Computer Engineering, Computer Science, Cyber Security or related technical field
- 10 years of work experience in information technology (at least 5 of these years must be in the field of information security and at least 2 years in management level)
- Experience in Banking/Financial industries and in working with regulators such as BOT
- Hands-on experience in writing company-wide security policies and controls
- Knowledge of common information security management frameworks, such as ISO/IEC 27001/27002, COBIT and/or NIST
- Knowledge about global Data Protection Regulations and the Personal Data Protection Act
- Knowledge of E2E security design including network, platform and application
- Experience in system and applications security management and control
- Experience with security technologies, including Intrusion Detection System (IDS) monitoring, Incident Response, and Disaster Recovery Planning
- Experience in facilitating information security risk assessments
- Technical writing, documentation development, process mapping, and visual communication skills
- Specific experience in agile software development practices in combination with CI/CD
- Experience with Cloud computing and Cloud security practice
- Experience with contract and vendor negotiations and management including managed services
- Professional certificates related to work (e.g. CISSP, CISM, ISO 27001, PCI DSS or similar general security certification) are very desirable
- Good command of English
Argyll Scott Asia is acting as an Employment Agency in relation to this vacancy.