Information Security Officer (ISO) Asia-Pacific

​The Information Security Officer APAC implements the global information security requirements and specifies/expands them based on regional information security requirements without being contradictory to the global requirements. The Information Security Officer APAC is the CISO’s first contact regarding all security topics within this time zone / region and responsible for all information security topics within the region.

• Implements the global security and business continuity requirements and specifies/expands them based on regional security and business continuity requirements without contradicting the global requirements

• Assesses region specific security and business continuity requirements and ensures identification and collection of security demands of the region, business partners and security business partners

• Identifies new security and business continuity needs within the region, especially with regards to trends and risks

• Identifies and addresses legal and customer security requirements within the region

• Supports the implementation of the global Information Security Management System (ISMS) and global business continuity standards within the region

• Implements the global risk-based approach to protecting information and other assets within his/her region and performs vulnerability management related tasks

• Manages information assets and security and business continuity risks on regional level by working closely with the accountable process owners

• Coordinates or performs the Business Impact Analysis (BIA) and defines, tests, and supports the execution of the Business Continuity Plans (BCP) together with the accountable process owners within his/her scope of responsibility

• Establishes and maintain key relationships, collaborations, and partnerships to advance security and business continuity objectives with the regional leadership, local managing directors, process owners, other business engagement counterparts, IT, facility management, production, product development, legal and compliance and others.

• Collaborates with local/global asset owners to ensure all security related controls and measures in his/her responsibility are implemented, managed, controlled, and reported

• Performs security and business continuity reviews and audits within his/her region and monitors the information security requirements within his division

• Can functionally instruct the Local Information Security Officer (LISO) and receives continuous reporting from the LISOs

• Participates in the security and business continuity incident handling process in accordance with assigned role during the declaration of the incident

• Responsible for reporting security and business continuity incidents in accordance with the incident handling process for his scope of responsibility

• Act as a LISO for the home location(s)

• Bachler or master’s degree in Information Security / Cybersecurity, Business Administration, Information Technology, Computer Science or a related technical discipline
• Security and Business Continuity Certifications advantageous (CISSP: Certified Information Systems Security Professional, CISM: Certified Information Security Manager, ISMS Lead Implementor, ISMS Lead Auditor, BCMS Implementer, BCMS Lead Auditor)
• IT (Security) Certifications advantageous (e.g. ITIL: Information Technology Infrastructure Library, COBIT: Control Objectives for Information and Related Technology, CISA: Certified Information Systems Auditor)
• 5+ years of experience in leading position related to Cyber- or Information Security
• Very well knowledge of (cyber) security technologies and methods (threat landscapes, models, standards) and well as business continuity
• In-depth know-how in management-systems, audits, dealing with audit-findings
• In-depth know-how in ISO 27001, NIST SP 800-171, IEC 62443, ISO 22301
• Knowledge security standards such as ISO, PCI, HIPAA and SOX advantageous
• Experience in system and network design
• Experience in O365 and Azure Security
• Experience in multivendor Management and dealing with multiple suppliers
• IT Service Management and ITIL process framework advantageous