APAC Cyber GRC, AVP

Who we are looking for

An Information Security Officer who will be part of a team across APAC; responsible for ensuring the security of the business and functional teams in line with company security policy and risk tolerances.

What you will be responsible for

· Align to the mission of continuously improving the cyber risk posture regionally; and actively contributing to the global cybersecurity program.

· Consistent and effective engagement with Information Technology, Business leadership to embed security into their strategic and tactical plans.

· Addressing cyber security and risk posture within the region.

· Anticipate and address the cyber security requirements from various regional regulators

· Being a Trusted Security Adviser to the Regional Leadership teams.

· Engage with regional regulators and legal entity boards on the subject of cyber security and cyber risk.

· Assist in the development and successful outcomes of Security KPIs that drive control effectiveness.

· Directly support security assessments and drive required improvements in response to assessments.

What we value

· Foster a high performing team environment.

· Collaborate across Global Cyber Security and business lines to ensure alignment addressing security risk in their products and services.

· Create visibility through effective metrics and reporting.

· Build and nurture positive working relationships with clients with the intention to exceed client expectations.

· Positioning security within the business with the ability to communicate in non-technical terminology.

· Partner with your stakeholders to identify, evaluate, and address cyber security risks.

· Ensures and monitors security compliance with industry and government rules and regulations.

· Coordinates with technology and business groups to assess, mitigate, and monitor IT-related security risks.

· An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner

· Report security performance against established security metrics.

· Promote information security awareness program to ensure staff members across the organization understand the trade-off between risk and return.

Desired Outcomes

· Delivery of effective security outcomes that drives improvements of security within the business.

· Continuous improvement of cyber risk posture.

Critical Leadership Capabilities

· Driving results

· Strategic Thinking

· Collaborating & Influencing

· Change Management

· Team Building

· Senior Executive communication

Education & Preferred Qualifications

· Technical understanding and experience developing and implementing innovated techniques and solutions to delivering cost efficient security solutions.

· Hands-on experience or working knowledge in multiple security domains: Network security, Identity and Access, Data Loss / Data Protection, Application Security, Windows/Unix security hardening, security framework, Vulnerability Management, Penetration Test & standards, various protocols (e.g., TCP/IP, UDP, SSL/TLS, SSH, HTTPS, FTP, RDP, LDAP, etc.)

· Knowledge of various Cloud environments, security controls and assurance

· Understanding of key Cyber risk frameworks

· An interest in data analysis, feeding into decision-making processes

· An ability to effectively influence others to modify their opinions, plans, or behaviors

· Ability to react to dynamic changing environments

· Preference not Mandatory : Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM) and/or Offensive Security Certified Professional (OSCP)

State Street's Speak Up Line