Job Description

Reporting to: Head of IT Operations on a day to day basis and ultimately to the Head of Technology

Role Summary:

The Information Security Officer (ISO) serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies.

The ISO coordinates activities with other departments, including the evaluation, procurement, and deployment of security-related products and develops and coordinates information security awareness and education programs. The key element of the ISO's role is working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.

Responsibilities:

• Develop, implement and monitor a strategic, comprehensive enterprise information security management framework and IT risk management program
• Provide risk assessment and security briefings related to security issues for all new and existing systems and remains familiar with the Company's goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
• Communicates risks and recommendations to mitigate risks to the senior administration by communicating in non-technical, cost/benefit terms and in a format relevant to senior administrators so decisions can be made to ensure the security of information systems and information entrusted to the Company.
• Oversees all ongoing activities related to the development, implementation, and maintenance of the Company's information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within the system and assisting departments in local process and procedure development, ensuring they are not in conflict with Company policies.
• Assists other departments to ensure regulatory compliance in areas such as the ISO 27001, NIST, CSA, CIS and other compliance requirements required by individual customers.
• Chairs the Information Security - IT Committee (ISIC) and coordinates the activities of ISIC so that security decisions do not interrupt business processes while maintaining the confidentiality, integrity, and availability of company information.
• Conduct vulnerability assessment and penetration test on the organizations IT systems and application
• Plan and conduct annual role-based and general staff cyber security awareness training
• Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
• Evaluates security incidents and determines what response, if any, is needed and coordinates Company's responses, including technical incident response teams, when sensitive information is breached.
• Contributes to a work environment that encourages knowledge of, respect for, and development of skills to engage with those of other cultures or backgrounds.
• Remains competent and current through self-directed professional reading, developing professional contacts with colleagues, attending professional development courses, attending training, conferences, and/or courses as directed by the supervisor, and obtaining certifications relevant to job duties.

Qualifications:

• Education: A Bachelor's degree in Computer Science, Information Technology or a related discipline
• Experience: At least 8 to 12 years of relevant working experience in IT Security, IT security operation & governance
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, Cloud Security Alliance, MAS TRM and NIST etc
• Skills: Good working knowledge of running cyber security awareness program ,IT security risk management, security governance framework and compliance (IT Security Audit / log review), IT security review (Vulnerability Assessment & Penetration testing), Cloud computing security (AWS, Azure), application and system security, security technologies (IDS/IPS/WAF, Firewall, SIEM & PAM) and cyber security incident response.
• The ability to maintain confidentiality in regard to information processed, stored, or accessed by the systems is required.
• The ability to manage multiple concurrent projects and to reason analytically is required.
• The ability to work with and train people possessing differing levels of technical knowledge is required.
• Effective verbal and written communication skills and proficiency in writing technical specifications are required.
• The ability to develop knowledge of, respect for, and skills to engage with those of other cultures or backgrounds is required.
• Other: Professional information security certifications (CISSP,CISM,CISA,OSCP, GIAC etc) is preferred.

Additional Information

Career Level

Senior Executive

Qualification

Bachelor's Degree, Post Graduate Diploma, Professional Degree

Years of Experience

5 years

Job Type

Full-Time

Job Specializations

,

Company Overview

Riding the wave of China's economic success in the last 2 decades, ADERA Global Group has evolved and transformed its capabilities to lead in fields of biometric authentication, automation, digitalization, secured data handling, data analytics and smart technologies.

We support customers from different industries worldwide, ranging from banks, insurance companies, government agencies, health and telecommunications.

Under the visionary leadership of our Founder cum Group Chairman Mr Lennon Tan and his leaders, ADERA has come a long way from its humble beginnings as a specialty card manufacturer. Today, ADERA is a diversified group of companies, employing over 2,000 employees, including 200 R&D engineers over 20 offices. ADERA re-located its global headquarters to Singapore in 2015 and in the same landmark year, we also completed the acquisition of DataPost and JK Trudata Solutions.

ADERA has come a long way since its inception in 1984. In our group latest transformation, we embarked on a new strategic direction.

With clear focus on our customers' needs, we consolidated technologies and knowhow via a more agile product development approach we are now able to offer a complete suite of solutions to Banks, FIs & Government sectors. Our sectors especially in the payment and transactions arena are constantly changing with new technologies and regulatory changes.

Focus on our core competence of Trusted Manufacturing and Services, we are now able to deliver both secured products like next gen smartcards, mobile transactional and POS applications, banking automation kiosks and cloud based BPO services to our customers. With the addition of DataPost Group in 2015, we have a great platform to service international banks more effectively. I look forward to the realization of ADERA being a significant and trusted supplier to banking and FI customers globally. The speed of the change in our industry is challenging yet presents many new opportunities.

Our diversity in new products, technology, and heavy investment in research development will enable us to sustain our competitive edge. Our commitment to provide a positive work environment for our staff enables them to excel and deliver trusted quality products to our customers. We constantly seek and continuously strengthen partnerships with our strategic alliances and industry leaders to fulfill our commitment to the industry.

Additional Company Information

Registration No.

201229678W

Company Size

51 - 200 Employees

Average Processing Time

3 days

Industry

Computer / Information Technology (Software)

Specific Location

Ayer Rajah

Company photos

1/3