APAC Information Security Consultant

Job Summary

Senior Information Security Consultant is primarily responsible for supporting information security governance initiatives and activities across APAC business units. 

Job Accountabilities - Key Accountabilities

• Information Security governance
  • Maintain APAC’s regional Information Security, Risk and Compliance framework, and support Group in revising old or establishing new policies and standards
  • Provide governance over and support APAC BISOs in the coordination of regional and local information security gap remediation
  • Perform analysis to identify common themes and drive regional remediation activities
  • Advise APAC BISOs and stakeholders in information security policy compliance requirements
  • Provide advice, governance and support in information security policy exception and risk acceptance processes
  • Work closely with the Group’s Information Security Governance (ISG) team and APAC BISOs to ensure global requirements are communicated to APAC stakeholders and APAC requirements are considered in global information security compliance projects
  • Support Group’s ISG initiatives in the APAC region
  • Provide support in APAC’s Information Security control assurance processes
  • Work closely with the APAC Information Security Analytics & Reporting team in ensuring visibility via accurate security compliance metrics
  • Identify and support opportunities for process simplification and automation initiatives

• Information Security, Risk and Compliance Assessments
  • Support APAC BISOs in performing the following assessments using the Global standard approach:
    • Cloud security assessments
    • Third party vendor assessments
    • Business / IT Application assessments (incl. pre & post implementation reviews, major changes)
    • Regulatory assessments (e.g. local regulations, ISO27001, PCI DSS, SOC2, etc)
    • Remediation action review, analysis and management
    • Themed security reviews
  • Exception management
  • Support continuous improvement of Global and Regional ISG processes

Job Qualifications

Required:

• University graduate of computer science, information technology/security or any other related disciplines.
• Minimum 6 years professional experience in information security or IT risk management, preferably in MNC environment or insurance industry.
• Certification of CISA, CRISC, CISSP or CISM is a must
• Experience or certification of PCI IA, ISO27001 is a plus.
• Big4 information security consulting and/or IT audit experience is an advantage.

Preferred:

• Good understanding of security concepts and architectures
• Good understanding of IT security and compliance controls
• Understanding of IT technologies and processes (e.g. cloud, operating systems, databases, networking, web/application, change management, SDLC & DevSecOps, disaster recovery, monitoring, AI, etc)
• General knowledge of regulatory requirements is a plus
• General knowledge of common security tools

You are the heart & soul of Zurich! 
 

At Zurich, we like to think outside the box and challenge the status quo. We take an optimistic approach by focusing on the positives and constantly asking What can go right? 

We highly value the experience and know-how of our employees and offer a wide range of opportunities across business areas to encourage you to apply for new opportunities within Zurich when you are ready for your next career step. 

Let’s continue to grow together!

• Location(s):  MY - Kuala Lumpur 
• Schedule: Full Time
• Recruiter name: Eilma Fatehah Sabri