- Develop and sustain cyber risk/IT security management policies and processes across systems and information
- Help develop, maintain and execute a multi-year enterprise-wide security roadmap
- Ensure cyber risk/IT security management is comprehensive, aligned to departmental objectives and organizational risk appetite, in line with local and global regulations as necessary, and applied consistently to protect the confidentiality, integrity and availability of information and systems
- Use of relevant programmes/technologies including OWASP Top 10, CWE/SANS Top 25, WASC, SaaS/PaaS/IaaS security, EDR, Advanced Threat Protection, IAM, Network Architectures, Data Encryption, Windows 10 security
- Stay abreast of both the cyber security and cyber risk worlds to bring innovative solutions that significantly improve the company’s security posture
- Manage small to large scale cybersecurity vendors
- Manage and build internal cybersecurity team
- Participate in/lead regional IT security audits
- Provide clear, consistent reporting to senior stakeholders and drive automation across processes and reporting where possible
- Develop a clear view of the cyber risk exposure, to provide meaningful risk advice across
- Provide a single, authoritative, consistent and repeatable set of cyber risk management processes implemented and assured
The Successful Applicant will possess:
- Proven experience (10 years or more) as a Subject-Matter-Expert in successfully architecting, integrating, managing and delivering cyber security, governance and risk initiatives with a working knowledge of relevant cyber security standards, frameworks and risk assessment methodologies e.g. ISO27001, NIST etc.
- Extensive hands-on experience with EDR, Advanced Threat Protection, IAM, Network Architectures, Data Encryption, Windows 10 security.
- Strong understanding/hands-on experience with OWASP Top 10, CWE/SANS Top 25, WASC, SaaS/PaaS/IaaS security
- Strong understanding of authentication and authorization methodologies e.g. SAML, OAuth, MFA.
- Responsibility for facilitating agreement to Cyber Security risk appetite statements with various BUs as well as the organization.
- Experience of Cyber Security controls testing strategy and execution.
- Good relationship/stakeholder management skills and the ability to articulate risk to business stakeholders, and proven communication and presentation skills.
- Certifications like CISSP/CCSP etc. would be a big advantage.
- SOC experience would be a bonus.
Your personality can be described as:
- Inquisitive and innately curious about WHY
- Cool, calm, and collected under pressure. It will not always be smooth sailing.
- Competitive because Security is a chess game with an opponent that is trying to beat you.
- Collaborative because Security is NOT about making rules that people must obey.
If you have the energy and qualifications to add to our velocity, please visit the Kerry Logistics Network Company Webpage to apply or send your CV with your present and expected salary to the Group Director of Human Resources & Administration, Kerry Logistics by clicking APPLY NOW or by fax to +852 2614 8517.
(We are an equal opportunity employer and welcome applications from all qualified candidates. All personal data will be kept in the strictest confidence and will be used for recruitment purposes only. All applicants may be considered for other suitable positions in the Kerry Group and its members. All personal data of unsuccessful candidates will be destroyed.)