Information Security Compliance Lead
This Information Security Compliance Lead will lead the implementation and improvement of administrative and technical controls of the company's Information Security Management System. This person should understand the risk management process in order to define action plans to mitigate risks, follow up the progress and measure the effectiveness. The position will coordinate and manage internal and external compliance audits.
- Lead the alignment to the global ISMS (based on ISO27001) over the APAC region.
- Integrate the compliance efforts in the region with the global roadmap.
- Follow up and report the compliance status of processes and technology in the region.
- Identify risk related to information security in the technical environment, the relationships with third parties or any component of the company's operations.
- Define security measures to lower the risks identified.
- Understand about technical and administrative controls in the different areas: networking, operations, access management, SSDLC, cloud security, end-point protection, physical security, third party risk assessment, organization security and legal compliance.
- Coordinate the information security assessments with 3rd parties (clients, suppliers).
- Facilitate the awareness process in terms of delivery and measurement.
- Coordinate and reply to internal and external audits related to information security.
- Investigate on technologies that could improve the security baseline and the compliance (e.g. DLP, end-point protection, network security, security and vulnerabilities assessment).
- Bachelor's degree in Computer Science, Computer or Systems Engineering or equivalent.
- Minimum of 6 years of experience in related positions.
- Solid knowledge of security on networking, cloud, infrastructure configuration, end-point protection and SDLC.
- Knowledge and experience implementing and maintaining the standard ISO 27001/2.
- Experience on InfoSec risk management.
- InfoSec related certifications (e.g. CISSP, CISM, CRISC, CISA)
- Excellent communication and social skills.
- Ability to confidently present findings to the C-level as well as to others with non-technical background.
- Ability to coordinate work within the team and with other departments.
- Prioritization capabilities due to commitments and deadlines.
- Self-directed, resourceful, and a critical thinker with attention-to-detail and proactive problem-solving skills.
- Ready to learn new contents both from others or self-learned.
- Passionate about self-improvement and suggesting improvements to processes or activities.
- +3 year of experience in Security Risk Management, Information Security, Security controls or Security/IT Audit
- Information Security Certification (e.g. CISSP, Comptia Sec, CISM, CRISC, etc)
- ISO27001 Lead Implementer/Auditor
- Knowledge of the SOC2 framework
Media.Monks is the purely digital operating brand of S4Capital plc that connects 8,600+ digital natives across one global team. We are united by a mission to shift industries forward and pave the path towards ambitious outcomes so our clients and our people can realize their full potential for growth. Our unified model combines solutions in media, data, social, platforms, studio, experience, brand and technology services to help our clients continuously reinvent themselves throughout increasingly rapid cycles of disruption. Our efforts to shape culture, build innovative technologies and unlock the future of growth have earned recognition from numerous esteemed panels: we maintain a constant presence on Adweek’s Fastest Growing lists (2019-22), regular recognition at Cannes Lions, inclusion in AdExchanger’s Programmatic Power Players (2020-23), the title of Webby Production Company of the Year (2021-23), a record number of FWAs, and have earned a spot on Newsweek’s Top 100 Global Most Loved Workplaces 2023. Together, these achievements solidify our experience in digital innovation, excellence in craft, and commitment to personal growth.
While we continue to grow our teams, please be mindful of fraudulent job postings and recruiting activities that may use our company name and information. Please be mindful to protect your personal information, especially your national identification number, and bank account information during a recruiting process. While Media.Monks may reach out to potential candidates via LinkedIn, we will always ask applicants to apply through our website (https://media.monks.com/careers) and will never ask for payment or bank account information during the recruitment process.
Responsible for resourcing and implementing security controls for your teams processes and systems
Responsible that all your personnel apply information security in accordance with the established information security policy