Job Objective: Working under the leadership of the CTO, the Head of Information Security & Data Protection leads and improves the organisation's information security practices, including the development and implementation of security plans, policies and procedures to safeguard the company's sensitive data and ensure compliance with applicable laws and regulations. This position is essential for safeguarding the confidentiality, integrity and availability of company information assets.
Roles and responsibilities:
1. Information Security Strategy: Develop and maintain a comprehensive information security strategy that aligns with the company's goals and objectives.
2. Policy Development: Create, update, and enforce information security policies, standards, and procedures to mitigate security risks.
3. Risk Management: Identify and assess information security risks, and develop risk mitigation plans.
4. Security Awareness: Promote a culture of security awareness and provide training to employees to ensure they understand and follow security best practices.
5. Compliance: Ensure compliance with relevant laws, regulations, and industry standards, such as ISO 27001, PDPA and others.
6. Incident Response: Develop and maintain an incident response plan to effectively respond to and mitigate security incidents.
7. Security Technologies: Evaluate, select, and implement security technologies and solutions to protect the organization's infrastructure and data.
8. Security Audits: Plan, coordinate, and participate in security audits and assessments, and work on remediation efforts as necessary.
9. Security Monitoring: Implement and manage security monitoring tools and processes to detect and respond to security threats in real-time.
10. Vendor Management: Evaluate and manage security vendors and third-party services to ensure the security of external partnerships and collaborations.
11. Security Governance: Lead the information security governance framework, ensuring that security policies and practices are consistent across the organization.
12. Reporting: Provide regular reports to senior management on the state of information security and recommended improvements.
13. Regulatory Liaison: Act as the organisation's focal point of contact with NACSA, as required under the Cyber Security Act.
14. ISMS Ownership: Manage and oversee the organisation's ISO 27001 ISMS initiatives.
15. SOC Oversight: Manage the organisation's SOC service from a governance and policy-making perspective.
Job Requirements
- A Bachelor's degree in Information Security, Computer Science, or a related field.
- Professional certifications such as CISSP, CISM, CISA, or similar.
- Minimum of 10 years of experience in information security management.
- Strong knowledge of security best practices, risk management, compliance, and security technologies.

Perks & Benefits
- Nearby public transport (10 minutes' walk from Pandan Jaya LRT Station)
- Structured training & on-the-job training
- Flexible working hours
- Regular team activities
- Medical insurance
- Annual leave
- Two (2) hours' lunch every Friday