A leading international insurance company is recruiting a candidate with strong experience in security compliance with ISO27001 and PCI DSS for the position of Information Security and Governance Senior Consultant.
- Work closely across business channels to identify and assess security risks, gaps in the application of policies and standards, and weaknesses in processes, and take a lead role in managing them. This position will work closely with the wider team to deliver a number of group-wide security improvement initiatives.
- Working with Company Regional Office Security and Company Global Security. This position will implement security policies, standards, procedures, and guidelines for the organization in compliance with ISO27001 and PCI DSS.
- Provide consultation to local teams to ensure that locally implemented technology solutions meet the company security standards, government rules, and regulations.
- Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks/hazards.
- Support regional audit, financial audit and ITSP audit, and follow up on the remediation of findings.
- Plan and coordinate Disaster Recovery testing.
- Develop security policies, standards, procedures and guidelines in compliance with ISO 27001.
- Implement security controls across the company to achieve ISO27001 certification.
- Provide consultation to business units and the IT team to operate in compliance with ISO27001.
- Develop security policies, standards, procedures and guidelines in compliance with the PCI DSS standard.
- Develop a Cardholder Data Flow diagram.
- Provide consultation to business units and the IT team to minimize PCI DSS scope and operate in compliance with PCI DSS.
- Implement security controls across the company in compliance with the PCI DSS standard.
- Identify, report to management, monitor and mitigate risks in IT security and compliance.
- Prepare monthly reports on risk analysis reviews and security compliance reviews.
- Manage and conduct Information Risk Assessment (IRM) with relevant business units in compliance with the IT Security Standard and best practice.
- Perform RCSA (Risk Control Self-Assessment) to identify risks and define mitigation activities, analysis, review and follow-up actions, and report to the CISO, CIO and Operation Risk.
- Support and coordinate with business managers in the risk analysis process, and track action items to ensure they are completed.
- Bachelor's degree in an IT-related field.
- Minimum of 5 years' experience in information security management, information risk management, security tool implementation and/or IT security operations.
- CISSP, CISM, CISA, CRISC, GIAC and/or CEH certifications preferred.
- In-depth knowledge of security standards such as ISO27001 and PCI DSS, and experience in their implementation.
- Advanced knowledge of information risk management, business protection systems, and technology associated with information security.
- Computer literacy, good in using Microsoft Office and Microsoft Visio.
- Good command of written and spoken English.
- Good interpersonal skills - able to communicate effectively with various levels (from end-users to executive).
- Logical and systematic approach to problem-solving.
- Experience in Disaster Recovery Management, including backup and recovery processes.
Argyll Scott Asia is acting as an Employment Agency in relation to this vacancy.