Job Description

The Adecco Group is looking for a skilled professional to join their team as IT Risk, Security & Compliance Manager-APAC to be based at our Kuala Lumpur Office in Malaysia. Could you be the perfect fit?More Details here\xe2\x80\xa6IT Risk, Security & Compliance Manager supports the Global Head of Information Technology (IT) to ensure the Confidentiality, Integrity and Availability, of the Adecco Group Information Assets within the respective area(s).

• Implements and continuously improves an effective and efficient Information Security Management System in line with the Group IT Security Strategy, Policies and Standards within the organization.
• Ensures that operational, legal, regulatory and security risks are assessed and mitigated with effective controls in accordance with the business requirements and Enterprise Architecture.
• Publicizes the Adecco IT Policy framework standards throughout all business and IT users to ensure all projects in scope are delivered in conformance to Group Standards.
• Monitors and manages all security incidents, lead investigations on behalf of the IT Leaders and take remedial actions to prevent recurrence wherever possible.

• Supports the Global Head of Information Security, Risk and Compliance and Head of IT in the implementation of the Group Information Security Strategy globally.
• Reviews and evaluates IT procedures and controls concerning Information Security at a global level.
• Ensures (ICOFR), RIM, Group Policy and self-assessment exercise are carried out in a timely fashion and in line with Group expectations.
• Communicates and publicizes the Adecco IT Policy framework and work with the Governance, Risk and Compliance Director to ensure users are educated and trained in all aspects of the Policy framework.
• Liaison with Assurance function (GIA, Group IT Assurance, External Auditor).
• Makes sure all both internal and external audit actions have a named owner and remediation plan; ensures agreed actions are delivered in line with agreed dates.
• Assesses current levels of risks within the IT environment on an on-going basis. Ensures all the Identified security risks are managed through their life cycle from identification to closure and provide appropriate visibility of the same to the Management.
• Ensures security testing is carried out for Global Important Assets and report finding are followed up and timely addressed.
• Ensures that project team and delivery teams deploy products /systems / applications in line with Security Architecture Requirements and Standards.
• Provides concise, relevant, and informative reports to the Global Head of Information Security, Risk & Compliance on the status of security and risks within the IT environment.
• Monitors and manages all security incidents & breaches and take remedial actions to prevent recurrence wherever possible.
• Leads investigations in coordination with the Global Security Operations Centre (GSOC) in the respective functional area, on behalf of business and IT Leadership Team, for breach of Information Security Policies and standards or security compromise.
• Be the recognized expert in the field of Information Security globally and keep abreast of local regulations and requirements related to information security like Data Privacy Laws.
• Ensures Group Information Security Awareness Initiatives and end users training are deployed.

• Minimum 7- 8 years of experience in IT control or audit environment in the IT field, and experience of working in Global Organizations
• Professional experience in running the information security office analyzing and applying information security, risk management, and privacy practices
• Demonstrable knowledge in key IT security and Risk Management framework (such as COBIT, Risk IT, ISO17799, ISO27001)
• Knowledge in IT Security and Risk Management and international regulatory compliances and frameworks (such as COBIT, Risk IT, ISO 2700X, SOX, NIST)
• Experience in Big 4 is an advantage
• Good to excellent command in English.

• University degree in IT
• ITIL certification
• CISSP, CISA, CISM or similar certification preferred
• Professional experience in risk management, security governance and regulatory compliance.

Adecco Group