Manager Information Security Policy Standards
Apply now
Location: Malaysia
Job type: Permanent
Aircraft type:
Contact:
Sector: IT & Communications
Job Role:
Job Title
Manager, Information Security Policy & Standards
Reports To
Senior Manager, Information Risk & Security
Division
Information Technology
Department
IT - IT Stratgey & Governance
Role Purpose
* Responsbile the implementation, operation and maintenance of the Information Security Management System (ISMS) as mandated by government for all Critical National Information Infrastructure (CNII)
Key Accountability
* Establish Information Security Management System (ISMS) based on the ISO/IEC 27001 in order to ensure sufficient security controls are implemented to protect information assets
* Develop and make relevant Corporate Information Security Policy (CISP), standards and guidelines that direct the selection, implementation and secure usage of information technology within the enterprise
* Perform information security risk assessments and assess the control environment of the business processes and applications under review, including both manual and automated processes in accordance with the information security program
* Develop remediation and corrective action plans with related governance and operational functions such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Compliance
* Lead the development of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws & regulations
Qualification & Working Experience
*
Degree in Information Technology, Information Management, Engineering, Computer Science or equivalent with 7 years experience in managing Information Security or IT organization or
*
Certificate in ISO/IEC 27001 Information Security Management System (ISMS) Lead Implementer certification
Skills & Knowledge
* Sound knowledge in information security and risk management framework
* Knowledge in information security risk assessment
* Excellent Communication & Interpersonal skills
Key Challenges
* Evolving Information threats targeting businesses
* Staff ignorance and lack of awareness in information security
* Increasing business outsourcing where business & customer information are in multiple legal jurisdiction & managed by various parties
Apply for this job