Job Description
Data protection; vendor management; network/information security; communications/network equipment
Tasks and responsibilities:
1. Information Security and Data protection
a) Support company CISO to develop, update, and maintain data protection and information security policies, standards and procedures to conform to internal best practices and local cybersecurity laws / regulations.
b) Support company CISO in coordinating, aligning and translating business requirements and generally accepted security practices (e.g., risk-based practices) into security-based project plans and deliverables.
c) Support company CISO to ensure that data protection and information security risks are appropriately addressed, including performing information security risk assessments of infrastructure or application implementations for new projects or modifications to existing technology, and coordinating comprehensive risk/impact assessments (e.g. security controls implemented, data protection, access control, cross-border data transfer, data sharing and disclosure, sensitive personal information processing, etc.).
d) Support company CISO to establish the information security management system and fulfil the relevant certification audit both internally and externally
e) Coordinate completion of information security & privacy awareness training.
f) Work closely with information security team members & peers in the global organization
2. ISO Management System
a) Support company ISO officer to establish ISO management system
b) Support company ISO officer to fulfil ISO audit management
c) Monitor ISO corrective actions and follow-ups
d) ISO certification management
3. Daily IT administration
a) Support day-to-day IT operations, including user account provisioning, access reviews, hardware lifecycle management, and system configuration oversight.
b) Coordinate with IT teams to ensure secure deployment, patching, and maintenance of systems, applications, and cloud environments.
c) Maintain asset inventories, configuration baselines, and documentation aligned with ISO and internal governance requirements.
d) Oversee IT service management (ITSM) processes such as change management, incident management, and problem management.
e) Assist in troubleshooting IT issues related to security controls, endpoint protection, identity management, and network access.
4. IT Vendor Management & Third Party Oversight
a) Support IT Manager to manage the full IT vendor lifecycle, from onboarding and due-diligence assessments to ongoing monitoring and offboarding.
b) Conduct third-party security and privacy evaluations, ensuring alignment with ISO 27001, ISO 27701, and organizational risk criteria.
c) Track vendor performance, SLAs, compliance obligations, and remediation activities.
d) Collaborate with procurement and business units to ensure vendor selection aligns with security, privacy, and operational needs.
5. Contracting, Procurement & Overhead Purchasing
a) Support IT Manager to manage procurement of IT equipment, software licenses, and security tools, ensuring alignment with budget, lifecycle planning, and compliance needs.
b) Support IT Manager to maintain purchasing documentation, vendor quotes, and approval workflows in accordance with audit and ISO requirements.
c) Oversee renewals, subscription management, and cost optimization for IT and security-related services.
Requirements:
1. Education: Bachelor's degree;
2. Major: Information Technology, Computer Science and Technology or similar; Business Management;
3. Experience: At least 2 years’ working experience;
4. Skills: Project Management;
Information security auditor;
ISO Management System;
Skilled in written and oral English;