Information Security Officer - APAC and Middle East Region
Location: Asite office in Ahmedabad, India (on-site)
Type: Full-time
Experience: 2-4 years
Compensation: A strong salary depending on experience.
About Asite
Asite’s vision is to connect people and help the world build better.
Asite’s platform enables organizations working on large capital projects to come together, plan, design, and build with seamless information sharing across the entire supply chain.
Asite SCM is our supply chain management solution, which helps owners and Tier-1 contractors to integrate and manage their extended supply chain for delivering on capital projects.
Asite PPM is our project portfolio management solution, which gives you and your extended supply chain shared visibility of your capital projects through one common data environment.
Together they enable organizations to build digital engineering teams that can deliver digital twins and just plain build better.
The company is headquartered in the UK (London) and has regional offices in the US (New York and Houston), UAE (Dubai), Australia (Sydney), China (Hong Kong) and India (Ahmedabad).
Job Summary
Reporting to the Asite CISO and DPO, you will be the SME for the region and take ownership of the implementation and maintenance of all the necessary frameworks and aspects of information security and data privacy in the APAC and Middle East regions.
You’ll be leading a team of 2 to 4 people in the region, ranging from seniors to interns that you have to manage, mentor and guide.
We are looking for a hands-on and proactive Information Security Officer with a strong background in ethical hacking, ISO 27001 implementation or auditing, and experience in consulting environments.
A solid understanding of end-to-end SDLC security and threat modelling is a must-have.
The ideal candidate will have a good understanding of EU/UK GDPR and other data privacy laws across various regions, including the US, Canada, EU, UK, KSA, UAE, India, China/Hong-Kong, and Australia.
The relevant frameworks include ISO 27001, ISO 27701, Australia MoD DISP and other regional frameworks and certifications.
Key Responsibilities:
- Support the CISO in developing and implementing comprehensive information security strategies to protect organizational assets and data across the APAC and Middle East regions
- Manage a team with several levels of expertise, from seniors/leads to interns, whom you must mentor and help grow.
- Conduct regular risk assessments and threat modeling using STRIDE and OWASP ASVS methodologies, taking into account data privacy, data sovereignty, legal and client requirements.
- Collaborate with local and global senior leadership to improve and augment the risk management framework in place.
- Provide expert advice on all aspects of information security, data privacy laws and regulations, including GDPR, CCPA, PIPEDA, and other frameworks and regulations at the local and global levels.
- Lead internal and supplier audits and client-facing conversations to ensure compliance with information security standards and regulations and client requirements
- Develop and maintain relationships with internal stakeholders, clients, suppliers, and regulatory bodies
- Collaborate with the incident response team to develop, implement, improve and test incident response plans in line with local and global requirements.
- Stay up to date with emerging threats and trends in information security, and provide recommendations for mitigation
Requirements:
- Ideally a degree or Masters/PhD in Computer Science, Information Security, Cyber Security, Mathematics, Management, or related fields. Similar functional experience can replace the lack of formal education.
- Minimum 10 years of experience in information security, with at least 4 years in a consulting environment (Big 4 preferred) and at least 2 to 4 years as a regional Information Security Officer.
- Proven experience with ISO 27001 implementation or auditing of medium-sized organizations (250 to 750 users)
- Expertise in ethical hacking and penetration testing, or at least a solid understanding of the fundamentals of ethical hacking, web application and infrastructure penetration testing, red teaming and purple teaming.
- Strong knowledge of EU/UK GDPR and other data privacy laws across various regions
- Experience with internal audits and client-facing conversations
- Proficient in risk management and threat modeling methodologies (STRIDE, OWASP ASVS)
- Bilingual in English and Hindi and/or Gujarati.
- Other languages such as Arabic, Turkish and Cantonese are a plus
Nice to Have:
- Experience working in the Middle East and/or APAC markets
- Military or Police background is highly desirable.
- Experience with security clearances, having previously been security cleared by the Indian Government for RESTRICTED and CONFIDENTIAL levels.
- Knowledge of relevant standards and regulations: NIST SP 800-53, NIST CSFCI, PCI-DSS, HIPAA, ISO 27001, ISO 27701, ISO 9001, SOC 2 Type II or similar.
- Certification in information security and risk management such as CISSP, CISM, CISA, ISO 27001 Lead/Senior Auditor or Implementer, OSCP, CRISC, CREST
What We Offer:
- Competitive salary and benefits package up to
- Opportunity to work with a leading global organization in the construction world
- Professional development and growth opportunities
- Collaborative and dynamic work environment with a Global remit
If you are a motivated and experienced information security professional looking for a new challenge, please submit your resume.
Join and help build a better, more efficient, and more secure world.