Senior Executive

Reporting to the Head of Compliance & Information Security, this role is responsible for protecting MSIG’s business, employee, and client data across our business units (BUs) in Asia in accordance with relevant laws and regulations, as well as group and local policies. In addition, this role will monitor the outsourcing framework and controls in the region, with the support from the Head of Compliance & Information Security as Data Protection Officer, under Singapore’s Personal Data Protection Act (PDPA) for the MSIG Asia entity.

Responsibilities

• Develop and implement the annual information security action plan in collaboration with the cybersecurity team
• Develop, maintain, and support a robust and effective incident reporting and tracking system, and review, monitor, and report on the corrective and improvement measures
• Monitor and advise on the operating effectiveness of information security workflows and controls
• Manage information security projects in Asia, including automation projects
• Monitor, advise, and support outsourcing matters across our BUs in Asia, and manage the outsourcing requirements for the MSIG Asia entity
• Conduct annual on-site reviews of our BUs in Asia
• Support the Head of Compliance & Information Security as Data Protection Officer under Singapore’s PDPA for MSIG Asia entity, including ensuring compliance, fostering a culture of data protection by communicating the policies, managing related queries and complaints, and liaising with the Personal Data Protection Commission (PDPC) as required
• Report to the Board and management on adherence to applicable laws and regulations as well as group and local information security and outsourcing policies and risks
• Review, update, and maintain the regional information security and outsourcing Policies, Regulations, and Guidelines (PRGs) to ensure consistency with the relevant laws and regulations as well as group and local policies
• Enhance the awareness of information security by developing training tools and materials
• Design, develop, enhance, implement, and maintain Compliance & Information Security automated/digitalised workflow management and reporting applications
• Handle and manage periodic reporting tools for regional monitoring, and consolidate the results
• Draft, develop, and edit the reports and documents for internal committee meetings
• Support the Compliance team and collaborate on:

1. Compliance related topics such as fraud, regulatory sanctions including AML/CFT, the Group’s internal regulations and guidelines (e.g., PRGs, compliance manual), annual Compliance Program, etc.
2. Periodic mandatory training to promote awareness of compliance to our staff, and in support of our BUs in Asia
3. Risk assessment on Compliance (CRA), Fraud (FRA), etc.
4. Annual Internal Control Program (ICP/JSOX)

Requirements

• Degree holder
• Certified Information Security Manager (CISM) and/or Certified Information Systems Security Professional (CISSP) is preferred
• Minimum three years of experience in information security (regional strategy and planning, risk management, regulatory operations and compliance), and preferably with at least two years of experience in a middle management role
• Good knowledge of information security and cybersecurity risks and controls, processes, workflows, methodologies, and trends
• Experience in project management
• Good knowledge of regional regulations in information security and the insurance sector
• Good experience and understanding of Asian cultural and business dynamics