Lead Information Security Specialist, Projects & Consulting
Who we’re looking for
An experienced Lead Information Security Specialist to provide technical and non-technical information security consultancy services to the Schroders business units and IT. Reporting to the Head of Information Security APAC, the role necessitates an ability to champion the security team to influence senior business representatives and to engage with internal stakeholders in all areas of technical and non-technical information security.
About Schroders
We’re a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future. We have around 4,000 people on six continents. And we’ve been around for over 200 years, but keep adapting as society and technology changes. What doesn’t change is our commitment to helping our clients, and society, prosper.
The base
This role will be based in Singapore
The team
The Schroders Global Information Security function ensures our business is able to operate safely in a dynamic threat and technological environment by effectively managing the risks to its information assets. To achieve this aim, the function contains teams responsible for Cyber Security, Insider Security, Information Risk Management, Technology Risk and the Information Security Change Programme.
What you’ll do
Information security:
- Provide advice and guidance on how to minimize the impact to the business of potential threats to the network or assets
- Liaise with potential or current partners and suppliers to the business and evaluate the information security levels of the company or products
- Assist and provide guidance to business stakeholders, project managers and solution architects through the lifecycle of a project related to project and business change.
- Investigate the vulnerability of the business to potential malicious attacks and recommend defensive actions.
Policy, Standards, Procedures and Guidelines:
- Ensure that information security policies are implemented, enforced, monitored and complied with and to ensure the business embraces a culture of Information Security
- Develop and ensure data security procedures are approved that provide the more detailed steps that service areas need to adhere to in order to implement that data security policies
- Drive ongoing improvements to the security consultancy process and supporting tooling
Risk Management:
- Work with Enterprise and Infrastructure Solution Architects to advice on all Information Security Risks with regards to infrastructure, changes to processes or project implementations. To critique the high and low level designs within projects. Working on all such projects throughout their lifecycle to ensure the business meets compliance and regulatory requirements
- Taking timely action resulting from any risk assessment recommendations. This may involve liaison with other departments, partners or suppliers. It is essential to keep the Head of Information Security APAC and the CISO informed if there are any issues of non-compliance.
Keep abreast of data security trends:
- Be aware of current and possible future trends in information security and take into account current business procedures, to define and develop procedures and policies for appropriate and secure use of the businesses IT systems.
- Adherence to standards, including ISO27001 and Information Technology, PCI-DSS and Infrastructure Library (ITIL)
The knowledge, experience and qualifications you'll need
- Hands on experience with Security technologies and the ability to speak to and consult back to senior business figures
- Strong and in depth knowledge of SABSA, NIST, COBIT, ISO27001 (training or certification in this area would be particularly advantageous)
- Experience in producing quality reporting and documentation
- Experience in designing and reviewing IT and Security Architecture
- Knowledge of IT Networking and Infrastructure
- Knowledge of application security and secure coding practices.
As above