Responsibilities
Develop, implement and monitor a strategic, comprehensive enterprise information security and risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
Work directly with the business units to facilitate IT risk analysis and risk management processes, identify acceptable levels of risk, and establish roles and responsibilities with regard to information classification and protection.
Provide subject matter expertise to executive management on a broad range of information security standards and best practices, such as ISO 17799, CobiT and ITIL.
Manage security incidents and events to protect corporate IT assets, including intellectual property, fixed assets and the company's reputation.
Develop effective disaster recovery policies and standards; coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a declared disaster, and provide direction and in-house consulting in these areas.
Manage the enterprise's security organization, consisting of direct reports and indirect reports (such as individuals in business continuity and IT operations
Requirements
Degree in any discipline
Minimum of eight years experience in a combination of risk management, information security and IT.
Experience with contract and vendor negotiations.
Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Knowledge of technological trends and developments in the area of information security and risk management.
Project management skills; financial/budget management, scheduling and resource management.
Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
Professional certification, such as a CISSP, CISM, CISA or other information security credentials, is preferred.
Knowledge of security and control frameworks, such as ISO 17799, CobiT, COSO and ITIL.
Suitable applicants are invited to send in a detailed MS Word resume to yeelai.lim@magenta-consulting.com stating present/expected salaries and earliest available date.We thank all applicants in advance and regret that only short listed candidates will be notified.
