Information Security Officer

Job Locations: MY-Selangor-Kuala Lumpur
Posted Date: 4 months ago (1/12/2024 4:21 AM)
Category (Portal Searching): Engineering & Technology


The Information Security Officer (ISO) reports to the Head of IT. The candidate will work with the regional ISO as well as our group BISO to implement IT and cyber security standards that support Principal’s Asset Management business.


The ISO will proactively provide guidance on the implementation of security measures and controls, weighing the consequences of any action and its alignment with the SC guidelines. The ISO is required to provide tactical and strategic evaluations of workflows, dependencies, budgets, and resources based on emerging cyber security threats.


The ISO is expected to lead communication to management and all impacted staff to ensure effective coordination of cyber security incident management, and to work with the second and third lines of defense to further strengthen the organization’s network against external threats.


  1. The ISO's focus areas include, but are not limited to:
  • Security operations centre
  • Identity management
  • User access review
  • Data loss prevention
  • Patch management
  • Cyber security management
  • Asset management
  • Awareness and training
  • Third-party risk assessment
  2. Core skills for this role:
  • Engage with stakeholders to assess security threats and vulnerabilities and to manage technology risk
  • Govern compliance with the Principal Information Security Policy (ISP)
  • Engage the country IT infrastructure and applications teams to review security controls against the ISP
  3. Reporting
  • Provide information security updates and feedback to the appropriate stakeholders
  4. Implementation and governance of cyber security controls
  • Partners with PI BISO and Principal’s Information Security and Risk (ISR) department for technology implementation, technology, procedures, and policies in alignment with the Principal Information Security program.
  • Acts as the subject matter expert (SME) on local regulations for information security.
  • Responsible for implementing and testing adopted NIST controls within the member company.
  • Coordinates the implementation of compliance requirements related to information security and privacy laws and local regulations.
  • Responsible for the creation and implementation of country/member company specific information security processes and procedures.
  • Provides support for internal and external IT audit engagements.
  • Monitors and evaluates the effectiveness of the enterprise's cybersecurity controls.

Job requirements:

  • Good writing and analytical skills
  • Ability to communicate effectively
  • Considerable knowledge and experience of best practices in IT Security
  • High degree of personal commitment, interpersonal skills with clear strategic vision and proven communication and supervisory skills


  • Strong relationship building and communication skills with employees at all levels
  • Strong research, documentation, and organizational skills
  • In-depth knowledge of industry-standard technology, information, and cyber risk/security management frameworks
  • Process knowledge or regulatory supervision with Security Commission


  • Minimum degree in Computer Science or equivalent technical degree (CISSP, GIAC, etc.)
  • Minimum of 8+ years of proven experience as an IT information security professional
  • Ability to work well under pressure and respond to tight deadlines in a fast-paced environment
  • Thorough understanding of the U.S. NIST 800-53 framework and controls AND/OR ISO 27k


