The Role
This role will assist the IT organization in driving IT risk management, information security policy, regulatory compliance and security awareness training. The incumbent will work very closely with country IT teams to ensure information risk and security, segregation of duties, compliance and awareness are embedded in their day-to-day business. He/She will play a significant role in rationalizing and prioritizing Enterprise IT risk, security and compliance in support of Dairy Farm business strategy. The role will have a direct and immediate impact on the ultimate purpose of building a business-trusted information security and risk management community, and of improving and sustaining a control environment that supports Dairy Farm group business growth.
Key Responsibilities
1. Information Security Awareness Training
Manage and support/enhance the information security awareness training program, which communicates our security policies and requirements so that people know, understand and can follow them.
Responsible for designing and performing regular phishing simulation exercises across the whole company
Communicate the results to the IT heads of the different countries after each phishing simulation exercise
2. IT Security & Risk Management
Assist the team manager to connect Governance/Compliance and Security Operation within the DF IS group. Establish and maintain IT/IS policy, standards, risk, security & compliance requirements; identify, analyze and manage the closure of gaps/discrepancies within a fast-paced Retail environment; and ensure that the organization manages risks appropriately and with agility.
Assist the team manager to drive the Enterprise security and compliance awareness programme and liaise with contact points from all countries/banners, COE and other business units, such as HR and Learning & Development, or where called for, to implement and monitor risk and compliance initiatives.
Assist the team manager to perform regular enterprise IT Risk Assessments alongside Business Unit IT, Product Line Group, other COE teams as well as Business Process Owners. This involves upholding information security management systems and IT/IS policy alignment/update/communication/monitoring as people, process and technology change, without neglecting review of supporting processes/procedures, etc., to ensure that proper controls are in place and risks are always appropriately mitigated.
Assist the team manager with the IT risk management process, including the IT risk register, Information Security Training, Phishing Simulation, and the Cybersecurity & Regulatory Compliance program for Dairy Farm Group.
Responsible for performing and renewing vendor assessments and the Risk acceptance register.
Work within the Technology organization and ensure a firm foundation in governance and management realm for information technology risk and security requirements.
Role Specific Technical Competencies
Basic
Bachelor’s Degree in Computer Science, Information Technology, or equivalent experience required, with 1 year of experience in Information Security Awareness Training and IT Risk & Security Management
Ability to design, develop and implement governance and management policy/processes and programs is desired.
Technical
Knowledge in Information Security
Knowledge in ITIL processes (incident management, change, problem, release management).
Knowledge in SDLC, Agile, SCRUM and prior Project management experience preferred.
Ability to learn and assimilate information quickly, and to apply risk/threat/vulnerability control considerations or methods which impact multiple dimensions of Business, IT and subsequent downstream decisions.
Personal attributes
Conversant in articulating technical/technology functional terms in a layman's context
Good verbal and written English, Mandarin & Cantonese communication skills across all levels of personnel, to adequately represent IT and business in articulating implications during an Audit and/or Cybersecurity incident.
High engagement and Can-do attitude
Critical thinking skills with strong attention to detail and follow up
Demonstrated ability to self-manage and balance multiple priorities/responsibilities which may change from time to time
Strong analytical and problem-solving skills
High degree of professionalism and personal integrity
Ability to work with a high degree of independence
Collaborative team player
Prior team management (Direct or Indirect) experience is preferred.
Possess strong systematic problem-solving experience, a sense of accountability, ownership and drive
Ability to build, champion and manage partner relationships as a Risk and Security professional.
Maturity, high judgement, negotiation skills, ability to influence, analytical talent and leadership are essential to success in this role.
Experience in collaboratively managing diverse relationships across geography and culture preferred.
Make confident decisions and drive results through others while fostering collaboration and innovation.