Job Purpose This position is one that will support information risk management and compliance goals of the organization. Information Security risk management and compliance supports both short and long-term business objectives. This person will develop and maintain partnerships with others in the IT organization and with business partners (internal and external) in the development, execution and maintenance of information security risk management and compliance services.
Critical Results
This position takes a risk-based approach to business processes, systems integrity, and security to fully understand the business risk and control tolerance, and balances that against established organizational control objectives and integrity techniques.
· Support, implement and maintain a global risk management program.
· Support, implement and maintain a vendor / partner security program to manage information risk introduced by the extensive partner ecosystem at Levi Strauss.
· Support, implement, and maintain an implementation review program to assess and monitor information risk and security exposures and impacts.
· Partner with global information security staff to implement security controls in the AMA region to protect Levi Strauss & Co. assets.
Responsibilities · Lead in AMA information security risk management processes aligned with the corporate systems development.
· Conduct business application and technology risk assessments.
· Technical consulting.
· Conduct “deep dive” security and compliance reviews for targeted areas.
· Perform ongoing reviews of Third Party Business Partners.
· Manage information risk during the implementation of security, business and technology solutions.
· Document risk management procedures and processes.
· Support security awareness efforts.
· Act and key point of contact to project teams and business partners for security questions and concerns in AMA.
· Build strong partnerships with IT and Business partners.
Requirements · Bachelor’s degree. CISSP certification highly recommended although not necessary. In lieu of formal education, applicant should have at least 5 years in depth experience.
· A minimum of 5 years’ experience in Information Security along with subject matter expertise in one of the following areas: IT audit, risk management, compliance, information security, and/or enterprise risk management. Familiarity and understanding of global and regional security and privacy issues.
· Previous security, privacy, risk management, and/or compliance experience in a global or multi-national organization.
· General knowledge of networking and security concepts, various tools and solutions including firewalls, IDS, endpoint protection and other solutions.
· Strong communication and organizational skills.
#LI-CL1
LOCATION Singapore 138589
FULL TIME/PART TIME Full time
