Director, Information Security

Singapore, Singapore, Singapore DHL Express 20001N7 23/03/2020

Would you like to be part of the most international company in the world? A company that operates in more than 220 countries worldwide and has been pioneering cross-border express shipping since 1969? Would you like to be part of a business that connects people across the globe? The more we connect, the better life on Earth becomes. Do you want to make a difference? If you have answered Yes! to the above, join our Insanely Customer-Centric team now! For more information on DHL Express, please visit workingatdhl.com.

DHL Express Global Head Office has an opening for Director, Information Security to be based in Singapore. The role purpose includes the following:


• Provides functional input on Information Security compliance and risk management processes and mitigations in DHL Express, ensuring the development and management of IT security policies, standards and regulations, best practice guidelines and support tools in line with the Deutsche Post (DP) DHL security policies and DHL Express IT Strategy.

• Ensures compliance with the DP DHL Information Security Policy, and is responsible for the implementation of the Information Security Target Model within DHL Express.

• Leads, designs and implements an Information Security Management System (ISMS) aligned with DHL Express Global, including strategy, governance, standards, processes, policies and tools, while understanding and addressing issues and constraints from functions and countries.

• Is responsible for Information Security, Data Protection and Record Management implementation for DHL Express, in compliance with DHL Express ISMS, Data Protection, and Record Management standards.

• Supports new and existing customer business and coordinates related projects, security incidents, audits and vendor security assessments.

• Leads, designs and manages specific Global DHL Express topics as required on behalf of the DP DHL Information Security Committee.


YOUR TASKS

Customer

• Drives the implementation of IS Target Model in DHL Express.
• Defines processes that can be implemented in the project lifecycle of DHL Express projects, and drives implementation globally.
• Drives global awareness trainings and programs on IT Security.
• Drives reporting to DHL Express Information Security Committee (ISC) ensuring appropriate visibility to existing and new risks. 
• Ensures that appropriate risk mitigation actions and plans are developed by BIT, ITS and its IT service suppliers.
• Represents the DHL Express Information Security organization and constitutes the entry point for the information security compliance assessment, risk assessment and treatment process for Customers.
• Participates in IS Compliance & Risk Management forums to ensure that the approach is up to date with leading-edge industry thinking.
• Enables new business opportunities and retention of existing business by leading or supporting IT Security & Data Protection response to Customer questions or audits related to IT Security within DHL Express.
• Coordinates IT security and data protection audits, security assessments and security incident response with external stakeholders, including customers, suppliers, auditors and authorities.

Stakeholder

• Reports the effectiveness of DHL Express security compliance and risk management to management, with explicit focus on high risk / high impact assessments and actions being taken for mitigation.
• Provides guidance and direction to the Audit function on DHL Express potential information risk exposures.
• Coordinates security assessment activities with entities within DHL Express and external suppliers/customers.
• Provides input to the design and development of management practices and solutions selected from the information security risk treatment plan.
• Performs Information Security Exemption Management for high or critical risks jointly with Business Partners.
• Maintains an Information Security reporting plan for the areas within his/her responsibility.
• Maintains and implements IT Security & Data Protection standards in order to ensure that DHL Express is protected from IT security and data threats and that customer data is secure within the organization network.
• Influences quality and customer service across the business to adhere to IT Security & Data Protection standards required by customers.

Process

Risk Management:

• Analyzes IT Systems with regard to confidentiality, integrity and availability.
• Supports risk owners in identifying and assessing threats to IT Systems and technologies.
• Implements a systematic and structured information security risk assessment process.
• Ensures that threat and vulnerability evaluations are conducted periodically.
• Identifies and periodically evaluates information security controls and countermeasures to mitigate risks to acceptable levels.
• Integrates risk, threat and vulnerability identification into life cycle processes (e.g. development, procurement, service design).
• Reports significant changes in information security risk to appropriate levels of management.

Compliance Assessment:

• Establishes the extent and procedures of the Information Security compliance assessment program.
• Ensures that appropriate compliance assessment documentation is provided and maintained.
• Monitors, reviews, and improves the compliance assessment programs.
• Ensures the implementation of the compliance assessment program, including the establishment of compliance assessment objectives, scope, and criteria of the individual compliance assessments, determining compliance assessment methods and selecting the compliance assessment team, and evaluating assessors.
• Coordinates the compliance assessment program with the Chief Information Security Officer.
• Acts as Data Protection adviser for regions and countries.
• Acts as Global Program Lead for initiatives.
• Maintains a strategic overview of regional and country business priorities and supporting IT requirements, and ensures that these are represented within IT Security and Data Protection as appropriate.
• Responsible for driving quality improvements and risk reduction within IT Security & Data Protection.




WHAT WE NEED FROM YOU

• University Degree in Computer Science or Information Systems or equivalent education.
• Minimum of 12 to 15 years in a Senior Information Security role, in a multinational, multicultural organization, with proven experience in leading and implementing information risk & compliance processes and frameworks.
• Working knowledge of Logistics/Transportation industry preferred.
• Formal information security accreditation (e.g. CISSP, CISM, CISA, CRISC or equivalent experience).
• IT Consulting Skills Certification preferred.
• Proven experience in implementing information security strategies and policies and risk mitigation actions.
• Strong stakeholder management - develops and manages all defined communication channels/stakeholder groups.
• Strong written and communication skills.
• Strong interpersonal communication.
• Sound analytic and reasoning skills.
• Broad IT service / technical understanding.
• Strong diplomacy and negotiating skills.
• Seasoned professional in Information Technology (esp. Information Security Risk Management & Compliance Assessment).
• Proven ability to lead and manage a specialist-based, high-performing and multicultural team.
• In-depth knowledge of IT Security practices and methodologies.

Facts and Figures

• Travel Required: <15% of the time
