Sunday, September 29, 2013

Position: Regional Head of IT Security

Regional Head of IT Security, IT Risk & Continuity Management, Asia Pacific Middle East Africa

Ref.: AP-50403


Facts & Figures

Job function: Information Technology
Country: Singapore
Location: Singapore (Alps)
Position offered by: DHL Supply Chain Regional Office Singapore
Reports to: Senior Director, IT ISM (APMEA), and Global Head, Information Security
Career level: Experienced Manager
Contract: Permanent (Full-Time)
Travel required: Below 25% of total work time
Travel extent: Local/regional
Working hours: as per country standard T&Cs
Work permit required: No
Start date: 30/09/13
Closing date for applications: 16/10/13
Shift work required: None


At DHL, people mean the world to us. That’s why our goal has always been to attract and retain the best talent the world over. We provide challenge and opportunity for personal and professional development. We recognize the difference you bring to our business, and together we share the pride of building THE logistics company for the world.

Under the DHL Supply Chain umbrella, one of the business units of DHL, we provide customized logistics and industry solutions in the areas of supply chain management, warehousing, distribution, value added services, and lead logistics provider services for our customers – helping them deliver better results every day.

ORGANISATIONAL BACKGROUND INFORMATION:

Role Title: Regional Head of IT Security, IT Risk & Continuity Management, Asia Pacific Middle East Africa

Corporate Division: DHL Supply Chain

Business Division: Infrastructure & service management

Business Unit: IT APMEA

Overall Role Purpose:

The role is responsible for the information security governance and compliance function. The principal objective is to protect the company’s information assets and reputation in line with the commercial and contractual arrangements in place with DHL customers.
Taking guidance from both corporate and global information security risk teams, the role is accountable to the regional infrastructure and service management function for delivering the strategy, roadmap and service provision of security and risk related policies, standards, technologies and processes.
Additionally, the role will be mandated with ensuring that internal controls, industry compliance and regulatory requirements are assessed against all change initiatives (Customer, Supplier & internal) and business as usual operations that impact operational products and services.
The role also ensures the business has the relevant level of business continuity in place and provides guidance on formulating disaster recovery plans where necessary.
This role will directly engage with executive stakeholders to ensure risks are correctly managed, providing a foundation on which informed business decisions can be made in light of competing priorities such as cost or service delivery timescales.
Reports to: Senior Director, IT ISM (APMEA), and Global Head, Information Security

Role Profiler: Lim Chong Yeow and Neil Jarvis

SCOPE OF ROLE:

Number of Countries Covered: Countries in Asia Pacific Middle East Africa Region (15+8)

Direct/Dotted Line reports [only first level of reports into the role]: All IT Security resources in the region will take functional leadership via this role.

Budget Responsibility / Total Cost in m or bn € [year]: IT Security sign-off on all DSC regional implementations of IT Products (Those IT Products that make it into the IT Products catalogue and are approved for customer implementations). IT Security sign-off for all DSC regional internal systems

Expected EBIT of Own Unit in m or bn €: N/A

Size of Assets Under Management in m or bn €: Info security across a Regional IT budget in excess of €150m

Specific Role Context:

Responsible for providing co-ordination and implementation of Information Security, IT Risk and Continuity Management services to the APMEA Region, consistent with Global Strategy and lead.
Regional role - differing levels of maturing and operations.

Specific Role Challenges:

Technical competence, management gravitas and the ability to influence multi-disciplinary teams to implement cost-effective solutions.
Stakeholder management, influence. Pragmatic approach necessary. Communicating risks in a way that engages the business to do something.

ACCOUNTABILITIES:


1. Customer - Business roles: External / Functional roles: Internal

       Key Activities:

Own the implementation of the ISRM (InfoSec Risk Mgmt) sections of the domain strategy and roadmap.
Regional ownership of ISRM service delivery.
Communicate security standards & updates to all internal functions and internal / external suppliers, ensuring they are understood and adopted.
Validate supplier technology decisions that affect ISRM either directly or indirectly.
Ensure where possible regional policies and standards are harmonised across the group.
Coordinate the Implementation of DHL's Logistics Division IT security strategy, for the region, with the process, data, application and technology leads in the relevant business and IT communities.
Develop and integrate IT security governance processes and procedures within existing Regional IT Architecture, IT Project Delivery and IT Service Management functions.
Provide thought IT Security technical competencies and liaison with the various IT functional groups to ensure appropriate consistency and focus is being applied.
Where requested, work with business and customer facing IT teams to present DHL's Logistics Division IT Security strategy to existing and / or new major customer accounts, within the region.
Educate both business and IT communities on the importance of IT Security.
All areas applicable to both IT infrastructure and software.

       Overall Goals/Typical Measures:

Validates reporting of status, issues, risks and agreed exceptions in the domain strategy programme management cycle.

Demonstrate progress against agreed domain strategy compliance targets.

Develop regional ISRM management reports.

Single point of contact & full regional accountability to business units.

Effective knowledge in key functions transferred.

Manage impacts with suppliers.

Adherence to external compliance needs.

Effective engagement model & processes for approval of new services.

Deep understanding of group ISRM policies.

Participate in working groups to align policies and standards where possible.

Regional executive management understanding and awareness of the criticality of appropriate IT / Information security.

User base understanding and awareness of basic IT security risks and ways to mitigate them.

Level of implementation of IT Security initiatives within the region.

Effective regional reporting of IT Risk.

Effective co-ordination of regional business continuity and disaster recovery services.

2. Stakeholder - Business roles: Internal / Functional roles: External

       Key Activities:

Ensure the company appropriately identifies, evaluates, agrees and documents risks to information assets with technology and business stakeholders.
Provide ISRM consultation and advisory services to regional business as usual and business development functions.
Ensure BCP plans exist for prioritised customers or services.
Develop education and awareness campaigns to increase staff understanding of ISRM security risks and their personal responsibilities.
       Overall Goals/Typical Measures:

Review and enhance risk management strategies and processes across all areas of the business.
All Medium/High classified risks are appropriately managed.
Provide subject matter expertise to support business solutions.
Ensure data is appropriately classified and managed.
Develop priority customer service lists.
Review BCP plans making recommendations as appropriate.
Online security training compliance targets.
3. Process

       Key Activities:


Initiate audits to identify areas of risk and increase compliance.
Support external, internal corporate or divisional audits providing consultancy and knowledge as required.
Have input into globally defined ISRM processes, ensuring regional requirements are considered.
Ensure HR processes are effectively integrated into ISRM and ISM systems and processes.
Identify and develop internal process improvements to increase the effectiveness of ISRM service delivery (build and run).
       Overall Goals/Typical Measures:
Develop and measure compliance targets.
Ensure audit plan is realistic and achievable.
Ensure remedial actions are documented and owned.
Manage reporting of audit action status to key stakeholders.
Participate in working groups
Effective stakeholder management.
Effective starters and leavers process.
Develop key ISRM KPIs and demonstrate ongoing improvement.

SKILLS/QUALIFICATIONS:

 1. Key Capabilities / Competencies:
Proven accountability for delivering information security and risk management programmes of improvement.
Proven experience in delivering ISRM related change improvements and associated technology.
Practical experience with ISO/IEC 27000 series standards, COBIT, SAS70 & other relevant security standards.
Practical experience completing information security risk assessments.
Excellent verbal and written communication skills.
Pragmatic & highly effective problem solving skills – analytic and reasoning.
Effective senior stakeholder management.
Commercial Orientation and Customer Focus.
Good knowledge of IT service management & IT project delivery.
Prior experience of meeting external compliance (e.g. data protection acts).
Ability to judge and communicate risks in such a way to engage business colleagues into action.
Cultural awareness.
Diplomacy and negotiating skills.
Broad IT service / technical understanding.
2. Expected Years of Experience (minimum)

5 years + in senior IT security mgmt role

(desirable) 3 years minimum working within multinational – multicultural organisation
3. Expected Educational Qualifications

University Degree in Computer Science, Information Systems, Science, Business Administration.
Information security specific qualifications: CISSP, CISM
Specific risk management qualifications (e.g. M_o_R practitioner)
ITIL Foundation Service Management
Prince 2 or MSP equivalent project / programme management qualifications.
ISMA Leadership Program/CPP, CFE, CFI or other security-related qualifications

CAREER / ROLE DEVELOPMENT:

Expected Next Roles:

Global Head of Information Security & Risk
Regional Head ISM
Global functional role
Regional Enterprise Risk role


How to apply?

Please send your application with a short description of yourself and your professional skills directly to: Career.DSCRO@dhl.com.

Only shortlisted candidates will be notified.
