OFFICER, INFORMATION SECURITY GOVERNANCE

Job Summary

The Regional Information Security Governance Officer is responsible for ensuring the effective design, implementation, and maintenance of the organization’s information security governance framework. This role supports the enhancement of the company’s security posture by aligning practices with ISO 27001, NIST, ITIL, and internal policies across the Asia Pacific region.

Job Description

Governance & Policy Management

• Ensure alignment with global governance frameworks and local regulatory requirements.
• Facilitate policy reviews and updates in collaboration with stakeholders.

Risk Management

• Conduct regional information security risk assessments and support mitigation planning.
• Monitor emerging threats and regulatory changes impacting the region.
• Collaborate with business units to ensure risk awareness and ownership

Compliance & Audit

• Support internal and external audits related to information security.
• Ensure compliance with frameworks such as ISO 27001, NIST, GDPR, and local data protection laws.
• Track and report on compliance with applicable laws, regulations, and frameworks (e.g., ISO 27001, NIST, Local Privacy Laws).

Metrics & Reporting

• Maintain dashboards and reports on governance, risk, and compliance (GRC) metrics.

AI Governance

• Evaluate AI use cases for compliance, fairness, transparency, and risk.
• Monitor AI systems for bias, accountability, and explainability.
• Facilitate AI risk assessments and maintain documentation for internal reviews.

Note:

• Scope of work will be revised depending on the management needs or request. Others related duties as and when assigned by the superior from time to time

Education

• Bachelor’s degree in computer science, Information Technology, or a related field.

Skills

• Minimum 2-3 years of experience in information security.
• Strong understanding of information security frameworks, such as ISO 27001, NIST, and COBIT.
• Proficiency in using security tools and technologies, such as vulnerability scanners, and incident response management.
• Excellent analytical and problem-solving skills, with the ability to identify and mitigate security risks.
• Effective communication and collaboration skills to work across different departments and stakeholders.
• Proven track record of successfully managing security-related projects, including the implementation of new security technologies, policies, and procedures.