Lead the management and operation of the Information Security Management System (ISMS)
Review all ISMS policies, procedures and other core ISMS framework documents, such as the Statement of Applicability (SOA) and Catalogue of Documents (CoD), for all in-scope departments and ensure they are all kept up to date
Manage the ISMS risk management program by reviewing all existing asset registers and risk registers
Collaborate with the IT Global stakeholders and the Information Security Department on a regular basis to ensure the ISMS operates smoothly and continuously improves
Conduct meetings with the Management Forum and Information Security Committee and track the minutes and agendas of those meetings
Liaise with external auditors from the certification agency to ensure all scheduled surveillance audits are completed as planned
Manage all internal and external audit findings and ensure their remediation on an agreed schedule with the respective IT department managers.
Drive continuous improvements of the ISMS by designing and implementing effective metrics
Support the various ISMS roles with their responsibilities as documented in the ISMS operations manual
Regularly review the scope of the ISMS and ensure it remains relevant for the group, clients and regulators
Escalate risks and issues relating to the management and operation of the ISMS to the Global CISO and other interested parties as appropriate
Keep the ISMS portal and documentation up to date
Manage ISMS communications
Report ISMS status to IT Global stakeholders and the Global CISO
Third Party Vendor Assessments
Manage vendor and technology assessments end to end for suppliers and the various applications that enable the business's day-to-day operations
Ensure that technical assessments are conducted promptly and that the identified risks are communicated to the requestors professionally
Manage the organizational adoption of Artificial Intelligence (AI) while maintaining a balance between the risks and the opportunities that Generative AI (GenAI) brings to an enterprise environment
Required Skills and Qualifications:
Master’s or bachelor’s degree in computer science/information systems or equivalent experience in Information Systems preferred
8+ years developing, implementing, and governing security operations and technology in large, complex enterprises in multiple industry verticals, across a wide range of technology platforms
6 years of business experience in running an ISMS based on ISO27001
Must be a certified lead implementer or a certified lead auditor on ISO27001
Professional security qualifications such as CISSP and/or CISM preferred. Applicants must be willing to obtain certification if they are not already certified
Knowledge of the key principles and frameworks surrounding an Information Security Management System (ISMS), preferably together with related frameworks such as ISO27002, ISO27005 and ISO27017
Good knowledge of regional issues and structures, and the ability to work with people from many different cultural backgrounds
Strong technical understanding of ISO 27001 controls implementation
Strong technical skills and experience in assessment of GenAI solution technology risks in a global organization
Hands-on auditing experience and an understanding of how to identify key risk areas in technical solutions and their architectural design
Ability to conduct technical assessments
Deep hands-on experience in providing governance in the design, development, and deployment of business software at scale in SaaS, PaaS, and IaaS environments
Professional experience and good technical knowledge of application security, system security, network security, authentication/authorization protocols, and cryptography
Strong ability to multi-task and work independently within a global team
Methodical approach to work, attention to detail and delivery of high quality results
Excellent interpersonal and communication skills
Fluent in English, other spoken languages a plus
Holds a valid passport and is able to travel periodically on business assignments
Education / Academics