Purpose of the Role & Team Profile
The Head of InfoSec – APAC will lead and coordinate security initiatives across the businesses within the Asia-Pacific region. This role will take strategy and policy forward and drive implementation and delivery for Information Security. The Head of InfoSec – APAC will oversee security and compliance operations within the APAC divisions of Informa Plc, working closely with the Group and Divisional technology functions, Privacy and other Group and Divisional teams to deliver information security compliance.
The Head of InfoSec – APAC will, in the interim, report to the Group CISO and then the Director of Cyber Defence and Strategic Operations.
Key interactions
- Chief Information Security Officer
- Privacy Officer, China
- APAC Divisional Technology teams
- APAC Divisional Stakeholders
- Divisional Information Security Officers
- Head of IT Security/Cyber Operations
- Internal Audit department, China
Key Areas of Responsibility/Accountability
- Have a region-specific understanding of the critical business assets, risks and mitigation plans
- Drive region-specific control implementations or special programmes, where deemed necessary based on risk assessments or local regulatory requirements
- Define and embed security-by-design principles across delivery teams
- Liaise with local authorities and regulatory bodies to ensure compliance with local cybersecurity laws and regulations
- Work closely with the Group Privacy team
- Work closely with Legal/Privacy to understand the impact of new and existing cybersecurity regulations
- Conduct/support regular vulnerability and penetration testing across the division’s IT infrastructure and web services, working with web teams and third parties to remediate any vulnerabilities
- Monitor and report on relevant business IT systems for security and compliance best practices
- Be the APAC first responder to any Information Protection incidents
- Evaluate potential security incidents and recommend corrective actions
- Identify and implement processes that methodically track: governance objectives, risk ownership/accountability, compliance with policies and conclusions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
- Provide input into the approval of changes and the prioritisation of the Change Management process, to ensure that risks which proposed changes could introduce to the IT environment are identified and adequately managed through to resolution
- As a member of the CISO’s team, contribute to the overall strategic and operational management of Informa’s enterprise security and risk management agenda
- Support security awareness campaigns within the region
- Support, run or participate in Group-wide security initiatives and activities as directed and represent the APAC region at the cross-divisional Information Security meeting
- In association with the Security Architecture team, advise APAC IT/Product teams on security architecture relating to digital design and control implementation
Desirable:
- Candidates should be working in the security industry or certified in one or more areas of security, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Systems Security Certified Practitioner (SSCP)
- Experience with IT Security Architecture or a System/Software Development background
- Knowledge of web application security, data security, public cloud security as well as experience in implementing secure development and testing processes
Key Outputs and Outcomes
- Implementation of Security Measures: Successful deployment of Information Security solutions & processes across the region
- Risk Management: Identification, evaluation, and mitigation of security risks to the region’s information assets
- Incident Response: In association with Group Information Security, enhancement and execution of regional incident response plans to handle security incidents and breaches effectively
- Compliance and Governance: Ensuring that the region adheres to regional and global information security standards and regulations
- Security Awareness: Support Group Information Security with training programs to improve security awareness among colleagues
Measures of Success
- Reduction in Security Incidents: A decrease in the number of security breaches or successful cyber attacks
- Compliance Rates: Achieving high compliance rates with internal policies and external regulations
- Response Time: Improvement in the speed and effectiveness of regional incident response
- Stakeholder Satisfaction: Positive feedback from stakeholders regarding the Information Security measures and protocols in place