Requisition ID:  2324

Assistant Manager, Information Security Assurance

Job Summary

  • Reporting to the Senior Manager, ISA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence. This will include designing and implementing a control library focusing on controls to manage cyber risks, and developing a control assurance program to test the design and operating effectiveness of controls on a regular basis.
  • Key tasks include conducting the information security assurance program, control testing, red teaming, managing risk assessments, and collaborating with internal and external stakeholders to implement security controls.
  • The job also involves coordinating information security initiatives and responding to security incidents to maintain compliance and safeguard the Club's assets.
  • This job holder is responsible for delivering information security projects and ensuring robust information security measures during system design and operations.
  • Key tasks include conducting information security testing, managing risk assessments, and collaborating with internal and external stakeholders to implement security controls.

Major Tasks

  • Assist the Senior Manager, ISA to establish the second line of defence (2LOD) technology risk management and information security assurance functions.
  • Conduct regular assessments and testing of information security controls and processes.
  • Provide technical advice to ensure compliance with regulatory requirements and industry best practices.
  • Support the selection and review process of information security solutions, providing technical suggestions and recommendations for design and integration.
  • Assist in the implementation of security initiatives and prepare necessary documentation to ensure adherence to project development lifecycles.
  • Collect, analyse, and report on security metrics, trends, and issues to enhance senior executives' visibility.
  • Maintain and update documentation related to information security processes, procedures, and project statuses.
  • Engage in proactive measures to mitigate network-based security risks and respond to information security incidents.
  • Provide guidance and support for the configuration and implementation of security controls and frameworks.
  • Promote security awareness within the organization, fostering a culture of risk management.
  • Assist in the incident management process.
  • Work closely with the ERM team to integrate information security risks into the organization's risk management framework.
  • Support the Senior Manager in engagements with internal audit and other third-line functions.

Education

University degree in Computer Science, Information Technology, Cybersecurity, Engineering, or related fields.

Qualifications

Relevant certifications such as CISSP, CISA, CISM or CRISC are preferred.

Experience

  • 3 to 5 years of practical experience in information security, risk management, or a related field.
  • Hands-on experience in enterprise security infrastructure, risk assessments, and security testing.
  • In-depth knowledge of information security principles, risk management frameworks, and relevant regulations.
  • Familiarity with security frameworks and standards (e.g. ISO 27001, NIST).