Director, Information Security
Would you like to be part of the most international company in the world? A company that operates in more than 220 countries worldwide and has been pioneering cross-border express shipping since 1969? Would you like to be part of a business that connects people across the globe? The more we connect, the better life on Earth becomes. Do you want to make a difference? If you have answered Yes! to the above, join our Insanely Customer-Centric team now! For more information on DHL Express, please visit workingatdhl.com.
DHL Express Global Head Office has an opening for Director, Information Security to be based in Singapore. The role purpose includes the following:
• Leads, designs and manages specific Global DHL Express topics as required on behalf of the DP DHL Information Security Committee.
• Defines processes that can be implemented in the project lifecycle of DHL Express projects, and drives implementation globally.
• Drives global awareness trainings and programs on IT Security.
• Drives reporting to DHL Express Information Security Committee (ISC) ensuring appropriate visibility to existing and new risks.
• Ensures that appropriate risk mitigation actions and plans are developed by BIT, ITS and its IT service suppliers.
• Represents the DHL Express Information Security organization and constitutes the entry point for the information security compliance assessment, risk assessment and treatment process for Customers.
• Participates in IS Compliance & Risk Management forums to ensure that the approach is up to date with leading-edge industry thinking.
• Enables new business opportunities and retention of existing business by leading or supporting IT Security & Data Protection response to Customer questions or audits related to IT Security within DHL Express.
• Coordinates IT security and data protection audit, security assessment and security incident response with external stakeholders including customers, suppliers, auditors and authorities.
• Provides guidance and direction to the Audit function on DHL Express potential information risk exposures.
• Coordinates security assessment activities with entities within DHL Express and external suppliers/customers.
• Provides input to the design and development of management practices and solutions selected from the information security risk treatment plan.
• Performs Information Security Exemption Management for high or critical risks jointly with Business Partners.
• Maintains an Information Security reporting plan for the areas within his/her responsibility.
• Maintains and implements IT Security & Data Protection standards in order to ensure that DHL Express is protected from IT security and data threats and that customer data is secure within the organization network.
• Influences quality and customer service across the business to adhere to IT Security & Data Protection standards required by customers.
• Supports risk owners in identifying and assessing threats to IT Systems and technologies.
• Implements a systematic and structured information security risk assessment process.
• Ensures that threat and vulnerability evaluations are conducted periodically.
• Identifies and periodically evaluates information security controls and countermeasures to mitigate risks to acceptable levels.
• Integrates risk, threat and vulnerability identification into life cycle processes (e.g. development, procurement, service design).
• Reports significant changes in information security risk to appropriate levels of management.
• Ensures that appropriate compliance assessment documentation is provided and maintained.
• Monitors, reviews, and improves the compliance assessment programs.
• Ensures the implementation of the compliance assessment program, including the establishment of compliance assessment objectives, scope, and criteria of the individual compliance assessments, determining compliance assessment methods and selecting the compliance assessment team, and evaluating assessors.
• Coordinates the compliance assessment program with the Chief Information Security Officer.
• Acts as Data Protection adviser for regions and countries.
• Acts as Global Program Lead for initiatives.
• Maintains a strategic overview of regional and countries’ business priorities and supporting IT requirements, and ensures that these are represented within IT Security and Data Protection as appropriate.
• Responsible for driving quality improvements and risk reduction within IT Security & Data Protection.
• Minimum 12 to 15 years in a Senior Information Security role, in a multinational, multicultural organization, with proven experience in leading and implementing information risk & compliance processes and frameworks.
• Working knowledge of Logistics/Transportation industry preferred.
• Formal information security accreditation (e.g. CISSP, CISM, CISA, CRISC or equivalent experience).
• IT Consulting Skills Certification preferred.
• Proven experience in implementing information security strategies and policies and risk mitigation actions.
• Strong stakeholder management - develops and manages all defined communication channels/stakeholder groups.
• Strong written and communications skills.
• Strong Interpersonal communications.
• Sound analytic and reasoning skills.
• Broad IT service / technical understanding.
• Strong diplomacy and negotiating skills.
• Seasoned professional in Information Technology (esp. Information Security Risk Management & Compliance Assessment).
• Proven ability to lead and manage a specialist-based, high-performing and multicultural team.
• In depth knowledge of IT Security practices and methodologies.
Facts and Figures
<15% of the time