Job Description

Overview: DWS is transforming and growing its internal information and cyber security team. As the Senior Information Security Officer for APAC, you will have strategic ownership of information and cyber security activities delivered within the region. You will be the face and voice of the security function to the technology and business, and the face and voice of the business within security, working closely with stakeholders to understand their requirements/risks and subsequently enable services to be delivered in a targeted and proactive fashion. The role will ensure APAC region and countries DWS operates in, are compliant with any applicable legal, regulatory, clients and industry security requirements by carrying out appropriate internal and external reviews and gathering evidence from control owners. As a business facing role operating at a senior level, you must be comfortable influencing colleagues at a complex, international scale. You will report to the DWS Group Head of Security Governance, Risk & Compliance. Your key responsibilities

• Establishing and maintaining close working relationships with key business and technology stakeholders on the group and regional level
• Coordinating external audit and regulatory requests related to security matters in the region
• Ensuring timely notification to business of new security and regulatory requirements
• Stimulating and managing information and cyber security demand to ensure the most effective use of security investment opportunities
• Building and promoting security awareness within the APAC region around security threat and exposure
• Ensuring security risk is understood by business and managed within to the company risk appetite
• Coordinating deployment of security platforms and tools in alignment with the information and cyber security Strategy to ensure clients obligations and regulatory requirements are met
• Ensuring business security requirements are reflected into the DWS Group Policy and Standards
• Representing DWS security function at various regional, local, and divisional committees and councils
• Working closely with 3rd Party Security Management team on vendor risk assessment ensuring local and regional vendors are compliant with DWS security requirements
• Facilitating planning, introduction, delivery of information and cyber security services to support policy and regulatory compliance activities and security audits
• Advising business on how to achieve the relevant controls and assist with solutions to support them
• Coordinating security incidents on a regional and local level working closely with the Cyber Resilience and Operation team and business stakeholders
• Working with stakeholders to address client queries around security topics from the region
• Providing reporting on key performance indicators, risks and security control effectiveness within the APAC region

Your skills and experience

• Proven experience of increasing responsibility in information, technical or cyber security roles in financial sector preferred
• Proven experience in operating in a highly complex organisation with devolved structures and multiple stakeholders
• Security professional related certification - CISSP, CISM, SANS or equivalent desirable
• Strong working knowledge and understanding of how to handle and respond to cyber security incidents
• Up-to-date knowledge of current exploit techniques, vulnerability disclosures, data breach incidents, and security analysis techniques, combined with the understanding of the potential impact on the security posture
• Strong understanding of cybersecurity standards and frameworks e.g., ISO27001, NIST, CIS, OWASP, SANS
• Experience in working with external stakeholders such as information sharing communities and law enforcement
• Ability to manage conflicting priorities and multiple tasks in a high-pressure environment
• Knowledge of key regional and local laws and regulations including but not limited to China’s Cyber Security Law, APPI, MAS, PDPC, HKMA
• Experience of handling regulators and working within internal or external audit
• Excellent stakeholder management, effective communication and interpersonal skills at both a technical and non-technical level
• Highly self-motivated and directed, with keen attention to detail
• Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues and constraints of Digital businesses

How we’ll support you:

• Coaching and support from experts in your team
• A culture of continuous learning to aid progression
• Training and development to help you excel in your career

Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer. We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation. Our values define the working environment we strive to create – diverse, supportive and welcoming of different views. We embrace a culture reflecting a variety of perspectives, insights and backgrounds to drive innovation. We build talented and diverse teams to drive business results and encourage our people to develop to their full potential. Talk to us about flexible work arrangements and other initiatives we offer.
We promote good working relationships and encourage high standards of conduct and work performance. We welcome applications from talented people from all cultures, countries, races, genders, sexual orientations, disabilities, beliefs and generations and are committed to providing a working environment free from harassment, discrimination and retaliation.