Manager, Information Security Policy & Compliance

Job Summary

Reporting to the Senior Manager, ISRA, you will be a key member involved in uplifting the Club’s information security assurance as a second line of defence.  You will be developing and maintaining Information Security Policy, Acceptable Use Policy and other policies.  You will also be designing and implementing a compliance self-assessment programme for the compliance of the policies.  You will also be involved in other information security assurance and technology risk management activities as assigned.  

Major Tasks

• Develop and maintain information security policies.
• Perform compliance assessment against information security policies.
• Assist in programme management, and work with external consultants to deliver technology risk and information security projects.
• Conduct information security risk assessments and control assurance testing.
• Assist in delivering information security initiatives and prepare necessary documentation.
• Assist in technology risk management activities.
• Monitor and report on security metrics and trends to monitor the technology and information security risks.
• Promote security awareness within the organization, fostering a culture of risk management.

Education

University degree in Computer Science, Information Technology, Cybersecurity, Engineering, Risk Management or related fields.

Qualifications

Relevant certifications such as CISSP, CISA or CISM are preferred.

Experience

• 5 to 7 years of practical experience in Cyber Security or Technology Risk roles.
• Hands-on experience in enterprise security infrastructure, risk assessments, and security testing.
• Experience with identity and access management systems and principles.
• Familiarity with security frameworks and standards (e.g. ISO27001, NIST).
• Understand second line of defence roles and responsibilities.