Information Security Policy Senior Analyst

  • Post Date: 2020-10-06
  • Apply Before: 2020-11-05
  • Job Level: Executive - Senior
  • Min Year of Experience: 6
  • Min Qualification: Bachelor Degree
  • Based In: Bayan Lepas, Penang
Job Description
Responsibilities:

  • Assist, coordinate, or lead the development, maintenance, and revision of policies, standards, and guidelines for information security programs, in support of and in alignment with organizational information security initiatives and regulatory compliance.
  • Partner with internal teams (AD, Mail, Network, Server, Application, Database, Voice & Video, Incident and Response, SecOps, etc.) to ensure policies meet the needs and goals of Information Security.
  • Partner with the security awareness team to communicate new policies and spread general awareness about the policy set.
  • Partner with internal teams (Compliance, Internal Auditor) to test compliance with information security policies and standards.
  • Collaborate with other departments (Legal, HR, Finance, Engineering, etc.) on cross-functional policies.
  • Review existing and proposed policies and standards with stakeholders.
  • Perform gap analyses and mappings of information security frameworks and the security requirements contained in existing and proposed security documents.
  • Gather and store artifacts to prepare for audits.
  • Stay abreast of legal and regulatory (NIST CSF, SP800-53, ISO 27001) changes that could impact our policies.
  • Provide training and awareness on the policy life cycle.
  • Advocate for changes in policy that support organizational cyberspace initiatives or required changes / enhancements.
  • Perform other duties as assigned, such as conducting the annual supply chain security survey: sending the survey checklist to suppliers, tracking checklist submissions, analyzing survey results, compiling and reporting, and revising the checklist.
Required Qualifications:

  • Bachelor’s Degree, preferably in IT, information security, risk management, data privacy or law.
  • 6+ years of experience in IT, information security, compliance, data privacy or related industry.
  • Experience or interest in IT, information security, information risk management.
  • Experience drafting corporate policies or working in document management is a plus.
  • Good writing skills; experience as a writer or technical editor is a plus.
  • Understanding of information security, IT governance, risk and compliance frameworks, methodologies and practices including NIST CSF, SP800-53, and ISO 27001.
Desired Qualifications:

  • Customer service mindset.
  • Strong attention to detail, organization skills, and time management.
  • Good verbal and written communication skills.
  • Ability to interact professionally with a diverse group: executives, managers, and subject matter experts.
  • Ability to take direction and independently work through projects as required.
  • Knowledge of, or experience working with, cloud technologies or environments is a plus.
  • A relevant professional qualification (e.g. CISA, CRISC, CGEIT, CISM, or CISSP) is a plus.