Main Purpose
The Regional Cybersecurity Manager will lead the APAC Information Security team and oversee security governance, risk management, and incident response across the region. This role manages vendors and partners, working closely with local IT and business teams to ensure operational continuity across various markets.
Key Responsibilities
Security Strategy & Governance
- Define, implement, and maintain information security policies, standards, and procedures.
- Align security initiatives with business objectives and risk appetite.
- Lead regional security risk assessments and audits, identifying vulnerabilities and driving remediation.
- Contribute to security architecture decisions, with a focus on cloud and hybrid environments.
Operational Security Management
- Oversee daily security operations, including threat monitoring, incident response, and vulnerability management.
- Partner with IT infrastructure teams to ensure secure configurations and timely patching.
- Define and monitor KPIs (e.g., phishing simulation results, audit scores, vulnerability ratings).
Compliance & Risk Management
- Ensure compliance with global and regional regulations (e.g., ISO 27001, GDPR, PDPA, NIST).
- Maintain documentation for audits, certifications, and regulatory reviews.
- Manage third-party risk, ensuring vendor compliance throughout the lifecycle (onboarding, monitoring, offboarding).
Incident Response & Recovery
- Lead the full incident response cycle: investigation, containment, eradication, and recovery.
- Develop, test, and refine business continuity and disaster recovery plans for cyber resilience.
Awareness & Training
- Drive security awareness programmes, including training sessions and phishing simulations.
- Act as a subject matter expert to guide internal teams and business stakeholders.
Collaboration & Reporting
- Partner with IT, Legal, Compliance, and business leaders to address security requirements.
- Provide regular reports on security posture, risks, and incidents to senior leadership.
Security Innovation & Trends
- Monitor emerging threats and evolving technologies.
- Recommend strategic investments in tools, processes, and capabilities to strengthen security posture.
Ad Hoc Support
- Perform other information security-related duties as assigned by management.
Requirements
- Bachelor's degree in Information Technology, Computer Science, or a related field.
- 10+ years of IT Security experience, with at least 3 years in a regional or global leadership role.
- Professional certifications (e.g., CISSP, CISM, CISA, ISO 27001 Lead Implementer) strongly preferred.
- Strong knowledge of security frameworks, technologies, and threat landscapes.
- Proven track record in leading incident response, risk management, and security governance.
- Excellent communication, leadership, and stakeholder management skills.
- Willingness to travel across the APAC region as required.