Regional Chief Information Security Officer Asia

Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of aerospace and space, cybersecurity and digital identity, we're driven by a mission to build a future we can all trust.

In Singapore, Thales has been a trusted partner since 1973, originally focused on aerospace activities in the Asia-Pacific region. With 2,000 employees across three local sites, we deliver cutting-edge solutions across aerospace (including air traffic management), defence and security, and digital identity and cybersecurity sectors. Together, we're shaping the future by enabling customers to make pivotal decisions that safeguard communities and power progress.

Position Summary

The CISO is responsible for all aspects of information security and cyber security across IT, OT and Product with the help of PSO Teams, including developing, deploying and maintaining a robust security strategy with solid security policies, protocols and procedures across enterprise security architecture, security operations center, datacenter security, and network security including cloud and applications security with appropriate security measures and initiatives.

This role also advises senior leaders and other stakeholders on the further development, implementation and management of a countrywide IT security infrastructure that contains appropriate control objectives for system integrity, availability, reliability, resilience, confidentiality and assurance to company, industry and international standards.

Country coordination: engage country CISO contacts network.

Regional CISO also contributes to deployment of product security policy performed by GPSO (Global Product Security Officer).

Across the different entities composing the Group organization, a network of local CISOs has been defined to ensure adequate management and implementation of security governance and strategy across business unit, region and country levels. This CISO community has a functional reporting line with the Group Chief Information Security Officer. They are consulted and/or informed regarding security policy implementation and its evolution.

In each country, a national CISO office should exist:

• To ensure compliance with local law and regulations

• To maintain relationship with cybersecurity national authorities (cyber agencies, defense agencies, law enforcement…)

• To animate information protection through the network of legal entities representatives

At region levels, local CISO can:

• Develop their own local security policy and directives to comply with local law or regulation as long as they use the group policy as a baseline and only improve the level of security requirements

• Assess IS/IT project risks, organize the accreditation of IS across entities

• Monitor security operations including incident detection through SOC activities

• Manage incident response in coordination with Thales CERT and/or central incident response team support

Essential Functions / Key Areas of Responsibility

• Ensure strategic alignment of the region approach (IS/IT, OT & product with help of the PSO team) regarding Cyber Security (and ensure compliance with legal and regulatory requirements, Thales Group standards and alignment with business objectives)

• Ensure security program & action plans are in place and actions implemented to manage the risk of adverse impacts from any external or internal attack on the region's IT/IS are reduced to an acceptable level

• Ensure appropriate budget and resources are allocated to support the security program at Thales region level

• Be a member of the Group Information System Security Community - sets and approves IS security policy decisions and exceptions for Thales Group

• Manage and validate security derogations on regional scope

• Ensure security incidents are coordinated and managed with the Central Security body through DGDI CISO

• Coordinate regionally under the supervision of the Cert Incident Response Activities

• Gain acceptance of proposed security solutions by the various security accrediting bodies within DGDI CISO

• Respect Group IS/IT standards and strategy

• Review strategies, operational changes and projects to ensure appropriate security controls are applied

• Review proposed enterprise architecture strategies and designs to ensure new risks are not introduced, and suggest changes that increase functionality and help reduce existing risks

• Provide KPIs to central Security team to ensure consistency of cybersecurity within the region

• Maintain/coordinate an understanding of current and emerging security threats that may affect the company now or in the future

• Undertake/coordinate forensic investigations and analysis as required on Thales computer assets in support of HR led investigations

• Liaise with Legal regarding regulatory topics and export control requirements in systems and manage any e-discovery requirements that Thales is required to undertake

• Undertake governance responsibilities for technology based on defense regulations, laws and policies, and report Thales state of compliance to Governmental Boards in charge

• Engage and represent Thales in professional industry forums so that external opinion of Thales Security program remains highly regarded

• Provide regular updates to the Asia CIO and DGDI CISO regarding achievements, issues and goals

• Review and ensure follow up of remediation plans with country CISO

• Lead the businesses for ISO 27k projects and other local regulatory certifications, e.g. Cyber Trust Mark in Singapore

• Produce/adapt all documents related to user awareness

• Support HR for onboarding process and cyber related documents

• Support Regional Company for cyber related maturity plans of Key Industrial Partners

Minimum Requirements: Skills, Experience & Education

• Bachelor's degree (Master's preferred) in Information Technology and/or Information Security (or equivalent experience)

• 5+ years of leadership experience overseeing security initiatives in a large, preferably global enterprise

• Obtained one or more of the following certifications: CISSP, CISM, CISA, GIAC, PMP or other related certifications

• Demonstrable experience of emergency preparedness, critical incident management, business continuity and disaster recovery

• Experienced with large IT infrastructure and/or IT security projects, e.g. firewall deployment, NAC implementation, web proxy upgrade etc.

• Prior experience with information security framework, secure network architecture and design, cloud computing, and secure application architecture/design

• Proven experience leading a dispersed, multi-site team

• Strong working knowledge of information security technologies, markets and vendors including firewall, intrusion detection, assessment and monitoring tools, encryption, certificate authority, and cloud networks

• Experienced in developing policies and procedures for identity and access management, security programs, security standards, requirement definition, and project management plans

• Adept at creating business cases and user cases including the ramifications of various system, network and application security decisions and recommendations

• Articulate with strong verbal and written communication skills for both technical and non-technical audiences

At Thales, we're committed to fostering a workplace where respect, trust, collaboration, and passion drive everything we do. Here, you'll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do. Join us, and be part of a team reimagining technology to create solutions that truly make a difference - for a safer, greener, and more inclusive world.