Senior Manager, Group Information Security

About FWD Group

FWD Group is a pan-Asian life and health insurance business that serves approximately 30 million customers across 10 markets, including BRI Life in Indonesia. FWD’s customer-led and digitally enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance.

For more information, please visit www.fwd.com

PURPOSE

• Lead and Drive FWD Data Protection Program (“DPP”) for FWD Group and all Business Units (10 Business Units).
• Define and partner with stakeholders in a multi-disciplined team structure, designing and implementing DPP security solutions to provide coverage across a variety of projects
• Lead stakeholders’ and vendors engagements and providing subject matter expertise to all Business Units across all Markets of FWD.
• Drive change and define enhancement to the DPP Target Operating Model, heavily affecting the influence on vendor to improve the solutions.
• Constantly kept abreast of key regulatory requirements and data protection laws, including emerging threats internally and externally.

KEY ACCOUNTABILITIES

• Define and execute Data Protection Roadmap, including use of Artificial Intelligence (AI).
• Support the Head of Group Information Security Engineering and Group CISO in defining and maintaining the DLP Engineering framework for FWD Group.
• Drive awareness and support to Group Information Security, Group IT and Business Units IT, to understand the DLP Security Solutions and Processes, as well as their implications across the organization.
• Drive DLP Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement.
• Develop deep working relationships with senior executives across engagement teams.
• Responsible for executing large-scale project deliveries
• Manage teams and mentor junior resources.
• Act as a subject matter expert in DPP and provide Level 4 support, reducing dependencies from external vendor support.
• Oversee infrastructure and microservices security architecture (inclusive of: container security architecture, data security architecture, network security architecture and operational security architecture).
• Review the infrastructure & microservices design against different security regulatory, industry and internal standards such as PCI DSS and CSA Containers' security guidelines and identifying the necessary security architecture requirements for the same.
• Review the infrastructure & microservices network and data architecture and identifying the necessary security architecture requirements for the same.
• Ensure that final design addresses identified threats and countermeasures during threat modelling
• Build knowledge capital through research and development and leveraging industry insights to deliver best of breed expertise to stakeholders.
• Lead the growth of cloud security practice across business units, project team and other stakeholders
• Drive DLP Information Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement.
• Continuously improve the Data Protection Program to adapt the changing threat landscape.

QUALIFICATIONS / EXPERIENCE

• Minimum of 12 years’ experience in project management, data privacy and protection, and security risk management.
• Extensive knowledge of technical Data Protection solutions and mechanisms (data discovery, data leakage controls, data tagging, data rights management, encryption, tokenization, masking, hashing, etc.)
• Experience in the insurance industry is an advantage.
• Ability to act as a data protection role model within the organization.
• Ability to summarize complex and technical.

KNOWLEDGE & TECHNICAL SKILLS

• Certification in CISSP, CDPSE or equivalent
• Good communication and presentation skills
• Express issues succinctly to senior stakeholders and to be flexible and pragmatic with advice
• Self-driven, autonomous, and result-oriented
• Exceptional interpersonal, analytical and presentation skills
• A team player and ability to lead managers, consultants and security analysts in your team.