This role is responsible for safeguarding MSIG's business, employee, and customer data across our business units (BUs) in Asia, ensuring compliance with applicable laws, regulations, and both group and local policies. It monitors the regional outsourcing framework and controls, supporting the Head of Compliance & Information Security as Data Protection Officer under Singapore's Personal Data Protection Act (PDPA) for the MSIG Asia entity. Additionally, this role supports the Compliance function as part of the second line of defence by promoting awareness and embedding a strong culture of compliance and ethical practices.
Responsibilities
- Develop and implement the annual information security action plan in collaboration with the cybersecurity team
- Develop, maintain, and support a robust incident reporting and tracking system, and regularly review, monitor, and report on corrective and improvement measures
- Monitor and advise on the effectiveness of information security workflows and controls
- Manage information security projects across Asia, including automation initiatives
- Monitor, advise, and support outsourcing activities across our BUs in Asia, and manage outsourcing requirements for the MSIG Asia entity
- Conduct annual on-site reviews of our BUs in Asia
- Support the Head of Compliance & Information Security as Data Protection Officer under Singapore's PDPA for the MSIG Asia entity, including ensuring compliance, promoting a culture of data protection by communicating the policies, managing related queries and complaints, and liaising with the Personal Data Protection Commission (PDPC) as required
- Report to the Board and management on compliance with applicable laws, regulations and both group and local information security and outsourcing policies and risks
- Review, update, and maintain regional information security and outsourcing Policies, Regulations, and Guidelines (PRGs) to ensure alignment with applicable laws, regulations and both group and local policies
- Enhance information security awareness by developing training tools and materials
- Design, develop, enhance, implement, and maintain automated/digitalised workflow management and reporting applications for compliance and information security
- Manage periodic reporting tools for regional monitoring, and consolidate results
- Prepare reports and documents for internal committee meetings
- Support the Compliance team on: (1) assessing, identifying, and mitigating risks arising from Compliance Risk Assessments (CRA), Yearly Checklists (YCL), and Fraud Risk Assessments (FRA); (2) identifying, developing, and sharing best practices in compliance, fraud prevention, and internal controls; and (3) reviewing, monitoring, and reporting on corrective and improvement measures for compliance audits, self-check issues, fraud/DUA incidents, regulatory sanctions and fines, and AML/CFT/sanctions-related suspicious transactions
Requirements
- Degree holder
- Professional certifications such as Certified Information Security Manager (CISM) and/or Certified Information Systems Security Professional (CISSP) are preferred
- Minimum three years of experience in information security, including regional strategy and planning, risk management and analysis, regulatory and operational compliance, and governance
- Experience in compliance
- Preferably at least two years of experience in a middle management role
- Experience in project management