Information Security Analyst

Is this your next challenge in Information Security?

This role will assist the IT organization in driving IT risk management, information security policy, regulatory compliance and security awareness training. The incumbent will work very closely with country IT teams to ensure information risk and security, segregation of duties, compliance and awareness are buried in their day to day business.

He/She will play a significant role in rationalizing and prioritizing Enterprise IT risk, security and compliance in supporting Dairy Farm business strategy. The role will have direct and immediate impact on an ultimate purpose of building a business trusted information security and risk management community, and to improve & sustain a control environment for supporting Dairy Farm group business growth.

The challenge is to:

1. ISO27001:2022 Implementation

• Assist in the implementation of the ISO 27001:2022 framework across the organization, ensuring alignment with business objectives and regulatory requirements.

• Conduct gap analysis to assess current information security practices against ISO 27001:2022 standards and develop an action plan to address any identified gaps.

• Collaborate with cross-functional teams to establish and document information security policies, procedures, and controls in accordance with ISO 27001:2022.

• Facilitate risk assessments and develop risk treatment plans to mitigate identified risks in line with ISO 27001:2022 requirements.

• Oversee the development and execution of an internal audit plan to assess compliance with ISO 27001:2022 and ensure continual improvement of the ISMS (Information Security Management System).

• Provide training and awareness sessions for staff to ensure understanding of ISO 27001:2022 requirements and promote a culture of security throughout the organization.

2. Information Security Awareness Training

• Manage and support/enhance information security awareness training program to communicates our security policies and requirements so that people know, understand and can follow them.

• Responsible for designing and performing regular phishing simulation exercise across the whole company

• Communicate the result with different countries' IT heads after the phishing simulation exercise

3. IT Security & Risk Management

• Assist the team manager to connect between Governance/Compliance and Security Operation within DF IS group. Establish and maintain IT/IS policy, standards, risk, security & compliance requirements, identify/analyze and manage the closure of gaps/discrepancies, within a fast-paced Retail environment, ensure that the organization manages risks appropriately, and with agility.

• Assist the team manager to drive Enterprise security and compliance awareness programme and liaise with contact point from all countries/banner, COE and other business units, such as HR and Learning & Development or where call for, to implement, monitor risk and compliance initiatives.

• Assist the team manager to perform regular enterprise IT Risk Assessment alongside Business Unit IT, Product Line Group, other COE teams as well as Business Process Owner. This involves upholding information security management systems, IT/IS policy alignment/update/communication/monitoring under the climate of people/process and technology changes, without neglecting review of supporting processes/ procedures, etc. to ensure the proper controls are in place and risks are always appropriately mitigated.

• Assist the team manager for the process in IT risk management including IT risk register, Information Security Training, Phishing Simulation, Cybersecurity & Regulatory Compliance program for Dairy Farm Group.

• Responsible for performing, renewal of vendor assessment & Risk acceptance register.

• Work within the Technology organization and ensure a firm foundation in governance and management realm for information technology risk and security requirements.

Do you have experience in?

• Bachelor's Degree in Computer Science, Information Technology, or equivalent experience required with 5 years of experience in Information Security Awareness Training and IT Risk & Security Management

• Knowledge in Information Security

• Knowledge in ITIL and Information Security Management System(ISMS) processes (e.g. incident management, change, problem, release management).

• Ability to learn and assimilate information quickly, apply risk/threat/vulnerability control considerations or method which impact multiple dimensions of Business, IT and subsequent downstream decisions.

• Conversant in articulating technical/technology functional terms in layman context

• Good verbal and written English communication skills across all levels of personnel; to adequately represent IT and business in articulating implications during an Audit and /or Cybersecurity incident.

• High engagement and Can-do attitude

• Critical thinking skills with strong attention to detail and follow up

• Demonstrated ability to self-managing/balancing multiple priorities/responsibilities which may change from time to time

• Strong analytical and problem-solving skills

• High degree of professionalism and personal integrity

• Ability to work with a high degree of independence

• Collaborative team player

• Prior team management (Direct or Indirect) experience is preferred.

• Possess strong systematic problem-solving experience, a sense of accountability, ownership and drive

• Ability to build, champion and manage partner relationship as a Risk and Security professional.

• Maturity, high judgement, negotiation skills, ability to influence, analytical talent and leadership are essential to success in this role.

• Experience in collaboratively managing diverse relationships across geography and culture preferred.

• Make confident decisions and drive results through others while fostering collaboration and innovation.

If you have the right skills and experience, this is an opportunity to build your career with Pan Asia's leading retailer.

DFI Retail Group is an equal opportunity employer and responsible for ensuring that all personal information collected from each Candidate presented to DFI Retail Group is used for recruitment purposes only and the personal data will be kept and handled confidentially. We will retain the applications of candidates not selected for a period of no more than 24 months. The data collection process is in accordance with all applicable laws and compliant with the Code of Practice on Human Resource Management.

To find out more about Our Businesses and Our People, please visit our website: https://www.DFIretailgroup.com