Outsourcing Governance

  • Competitive
  • Singapore
  • Permanent, Full time
  • Morgan McKinley Singapore
  • 15 Nov 18

Responsibilities:

  • Establish, communicate and maintain the Cybersecurity Risk Governance Framework.
  • Ensure that Cybersecurity requirements are practical and communicated to all relevant parties.
  • Communicate identified cybersecurity risks to stakeholders and provide the risk advisory they need to make appropriate decisions on addressing those risks.
  • Ensure stakeholders adhere to the Cybersecurity Risk Management Framework.
  • Work with Group Legal, Risk and Procurement to ensure that the Cybersecurity Risk Management Framework remains relevant to each Business Unit.
  • Ensure all Business Unit stakeholders understand and comply with the cybersecurity risk governance framework through awareness campaigns.
  • Demonstrate professional, pro-active qualities in dealing with internal clients and stakeholders.
  • Attend required meetings on information security governance, risk, and compliance topics.
  • Assist in the development, implementation and maintenance of policies, standards, and operating procedures as required.
  • Escalate issues arising from policy non-compliance to the reporting manager.
  • Maintain strategic vendor partnerships, relevant education and certification.

Requirements:
  • Professional certification such as CISSP, CISM or other similar credentials will be highly advantageous.
  • Minimum 2 years of practical experience in vendor security management.
  • Minimum 6 to 10 years of experience as an Information Security Professional.
  • Experience working as part of an internal Audit, Governance and Compliance team.
  • Advanced understanding of the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.
  • Advanced understanding of the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
  • Exposure to other compliance audits such as PCI-DSS, SSAE, ISO27K, SOX, and other information security frameworks.