Information Security Officer
¥1000万 - 1200万 / annum
12月 8, 2017
We are looking for a strong hands-on Information Security professional to be a leader of a comprehensive security and privacy program at a global insurance company.
Coordinate the development of company information security policies, standards and procedures. With key IT owners, data custodians and governance groups in the development of such policies. Ensure that company policies support compliance with external requirements, and head office. Oversee the dissemination of policies, standards and procedures to the community.
Monitoring of Security, Measurements, Enforcements
Ensure the safety of informational assets from threats both external and internal by monitoring the enforcement of technical and procedure measurements
Education and Training
Coordinate the development and delivery of an education and training program on information security and privacy matters for employees, other authorized users.
Compliance and Enforcement
Serve as the company compliance officer with respect to both head office and local security policies and regulations. Work with enterprise operational risk management where necessary. Prepare and submit required reports to external agencies where required.
Follow and improve existing Incident Reporting procedures, both for security incidents, and any alleged policy violations or potential complains from external parties. Serve as the official contact point for information security, privacy and any potential relationship with law enforcement agencies.
Risk Assessment and Incident Prevention
Maintain on-going risk assessment program targeting information security and privacy matters; recommend methods for improved vulnerability detection and remediation, and oversee and advise on vulnerability testing.
Act as the “Head Of IT Securities” designee representing company on Information Security matters; serve as a contact point for external auditors and agencies, survey requests, etc. on security/privacy matters.
Keep abreast of latest security and privacy legislation, regulations advisories, alerts and vulnerabilities pertaining to the company and its overall mission.
The emphasis of this position is on policy development, administration and compliance/incident response activities, and technical knowledge. Candidates with less technical/policy knowledge will be considered when there is competing knowledge in other related areas. Help will be provided on job for any candidates that lack related knowledge but have other redeemable qualities.
University degree or similar discipline required. Security certifications preferred but not essential. Minimum TOEIC level of 500 required.
Minimum five years of experience in information security, information technology or related field; experience in developing and administering an information security program desirable. Working experience of and experience in the policy and regulatory environment of information security, especially in the insurance industry is desirable. Excellent project management, written and oral communication skills desired; ability to work collaboratively with a broad range of constituencies essential. A demonstrate ability to work with a diverse group of people is required.