Join the team

Information Security Manager (APAC)

Role and Responsibilities:

• Work with the Group Head of Information Security to develop a security program that addresses identified risks and business security requirements
• Manage the process of gathering, analysing, assessing current and future threats, providing the Group Head of Information Security with a realistic overview of risks and threats in the enterprise environment
• Work with the Group Head of Information Security to develop budget projections based on short and long-term goals and objectives
• Strong collaboration with international Security teams including Operations, Governance Risk & Compliance
• Monitor and report on compliance with security policies, and enforcement of policies
• Propose changes to existing policies and procedures to ensure efficiency and regulatory compliance
• Assist resource owners and IT staff in understanding and responding to security audit failures
• Provide security awareness and training for audiences, ranging from senior leaders to office colleagues
• Work as vendor liaison with legal and purchasing teams to establish acceptable contracts and SLAs
• Manage, coordinate incident management events, including detection, response, recovery and reporting which includes hands-on access to technical security tools
• Manage day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans and communicate information about residual risk
• Manage security projects and provide expert guidance on security matters for other IT projects
• Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements
• Work with stakeholders to identify asset owners to classify data as part of a control framework
• Provide support and guidance for legal and regulatory compliance efforts, including audit support
• Lead APAC security projects
• Managing the assurance of the cycle of regular DR testing to be performed by all companies in region (APAC)
• Managing Backup assurance – follow up on any missing reporting to ensure we have full coverage.
• Managing Patching Escalations (i.e. sites that have not patched and/or reported)
• Education: Cyber and IT best practice (i.e. the education of our new standards as they are released)
• Handle expiring/expired accounts and unauthorised local admin access
• Working with local teams/HR on policy breaches
• Facilitate risk management in APAC
• Ensure Mobile Device Management system is well-supported.

Essential Skills:

To be considered for this role, you will need to demonstrate experience where you have:

• Strong leadership skills and the ability to work effectively with business managers, IT Engineering, Cyber Security Operations and Governance, Risk & Compliance colleagues
• Experience working with outsourced Managed Security Services Providers
• The ability to interact and build strong relationships at all levels and across all business units and organisations and understand business imperatives
• A strong understanding of the business impact of security tools, technologies and policies
• Experience working with legal, audit and compliance colleagues
• Experience developing and maintaining policies, procedures, standards and guidelines
• Experience with common information security management frameworks, such as International Standards Organization (ISO) 2700x, the IT Infrastructure Library (ITIL), NIST CSF frameworks
• Familiarity with applicable legal and regulatory requirements in the Asia Pacific region
• Proficiency performing risk, business impact, control and vulnerability assessments, and in defining treatment strategies
• An understanding of operating system internals and network protocols.

Qualifications (Desirable):

• A bachelor's degree in Information Systems or Information Security
• 8 year’s relevant work experience
• Certification from ISACA or ISC²
• Technical Security Certification
• ITIL Certification.

Fit with the Spirax Sarco Engineering plc’s Group IS Team:

In order to assess whether you think you’ll fit in with the team we have outlined what we will be looking for from you and the type of environment you can expect from us. We are looking for a team player who:

• Embraces Spirax Sarco Engineering Plc’s Core Values
• Has an ability to assert ideas, gain support and commitment from others
• Can take ownership and take other people on the journey
• Is happy to work, manage, prioritise multiple and competing demands
• Conveys insightful problem-solving skills with the ability to exercise mature judgment
• Shows initiative, is proactive and values continual improvement.
• Has a strong work ethic, high standards, is results and customer drive