Information Security & Resilience Consultant

abrdn

abrdn is a global investment company and asset manager committed to helping our customers achieve their financial goals.

Apply now Apply later

Posted 3 weeks ago

Job Description

Role Purpose and Background

To support the regional information security officer in all matters relating to Information Security, Technology Risk, Data Privacy, Operational Resilience and Third Party Risk Management working closely with regional and in country teams, as well as head office based colleagues in Security, Privacy & Resilience.
To assist in ensuring the APAC business proactively manages security risks in line with risk appetite and operates in a way that complies with the requirements of the relevant regulations and legislations.
To act as a point of contact for our business in APAC on security matters and maintain a productive working relationship with the wider business.

This role reports into the Deputy Head of Security, Resilience, and Protection – APAC.

Roles and Responsibilities

Support regional businesses and teams in the matters of Information Security, Technology Risk, Data Privacy, Operational Resilience and Third Party Risk Management for activity relating to project, regulatory liaison or assessment, client reporting as well as supporting ongoing business operations.
Review, assess and interpret in country regulations and legislation in relation to the remit of Security, Resilience, and Protection.
Assist in the oversight the region and countries’ risk and compliance position in relation to Security, Resilience, and Protection and report regularly on plans, key risks and issues.
Prepare new initiatives, projects, or material business / IT changes support the preparation of security risk assessments and data privacy impact assessments.
Support the delivery of security related education and awareness for colleagues across APAC.
Recommend improvements in practices, processes and capabilities to ensure that the business operates to the required standards and within risk appetite.
Prepare regular reporting on regional status of topics on Security, Resilience, and Protection.
Coordinate and respond in the event of security/privacy incidents.
Engage the business stakeholders directly on Security, Resilience, and Protection related projects.

Key Skills, Qualifications & Experience

2-3 years on Information Security, Technology Risk, Data Privacy, Operational Resilience and Third Party Risk Management related experience in a similar or related role.
Previous experience and knowledge of regulatory compliance topics preferred.
Recognised professional information security qualification preferred, such as CISA or CISSP.
Knowledge of control and risk management processes. Ability to frame decisions in terms of risk. Ability to make risk judgements. Audit experience is desired.
Sound planning skills with high level of organisation and discipline to meet specific targets and objectives.
Able to work with others in the organisation and able to build relationships and trust.
Able to communicate effectively with others at all levels verbally and in writing and able to translate technical terms into business language.
Strong Microsoft Office skills.

Experience of working in a Financial Services, Investments or Asset Management or professional services environment preferred.
Ability to balance security with other factors or concern.
Experience in managing threats and risks in a complex environment and in particular balancing these against business requirements.
Research and interpretation including trend analysis; willingness to seek and understand the various security regulations and statutes.