Job Description

1. Development, implementation and maintenance of the information security policy & procedures to ensure all up to date.  
2. Develop, implementation and manage of governance policy frameworks e.g  risk appetite, strategies and operational priorities for information security strategies.
3. Monitoring information security strategies  and industry trends into consistently abide by a best practice in industry  
4. Consult and engage with stakeholders and vendor to ensure align with industry and regulatory/legal requirement.  
5. Implementation of ISO 27001 compliant information security policies, controls and processes  
6. Provide assurance to governance and other functions and senior management on compliance to Policies and standards  
7. Manage and maintain the dashboard reporting for all information security compliance efforts within the organization, including the tracking  and monitoring of the status of documentation, testing and remediating efforts.  
8. Prepare and manage CISO budget which inclusive OPEX and CAPEX and provide monthly report to Finance / Budget Team
9. Lead and guide the Security Governance team in order for them to support the EISC Team  
10. Drive the PCIDSS implementation and certification for payment card industry.

Job Requirements

• ISO 27001 Lead Auditor (would be an advantage) 
• CISA / CISM/ CISSP (would be an advantage) 
• Good understanding of Information security related standards and best practices (these include ISO 27001, NIST, PDPA, PCI-DSS, Cyber crime act, 3GPP, ITU-T x.805, ITU-T, IETF,TIA, ETSIetc.) 

• Information Security Management (8-10 years) 
• Information Security Compliance (8-10 years) 
• Information Security Operations (5-6 years) 
• Information Technology / Telecommunications / (5-6 years) 

Additional Info