Manager, Information Security

This position will report directly to the Aviation CISO. The candidate will provide advice,
consultation, and awareness of the Group Information Security requirements to technical
teams and other employees, and ensure its implementation. This role will be responsible for
ensuring internal systems and processes are compliant with information security standards
(e.g, ISO 27001, PCI DSS, CIS, NIST CSF, etc); monitoring, managing, and closing information
security compliance issues. Other responsibilities include identification, evaluation, and
interpretation of standards, regulatory, statutory, and member security requirements, control
deficiencies, and information security risks. This position will be the primary point of contact
during information security incidents and responsible for managing the incident.

Duties and responsibilities

• Advise CISO on local information and cybersecurity-related regulations and

requirements, and then map or recommend changes to existing policies and
frameworks.

• Advise local CEO(s) and management on Information Security matters, which may,

from time to time, include updates to the Boards of Directors of the various entities.

• Monitor and report on compliance with security and data protection policies, as well

as the enforcement of policies.

• Work with in-country Data Protection Officer(s) of AirAsia Aviation on data protection

requirements.

• Maintain a record of up-to-date information security assets (e.g, equipment,

documents, etc)

• Participate and facilitate audits and assessment activities to ensure compliance with

information security requirements.

• Monitor and investigate local security events and incidents in collaboration with the

Group Detection & Response team (Security Operations Center).

• For locally arising security incidents, act as Incident Manager, in coordination with

Group Incident Response & Management teams.

• Identify, communicate, and manage current and emerging security threats with

relevant stakeholders. To manage end-to-end information security incidents with the
assistance of incident management teams.

• Conduct or facilitate periodic and/or ad-hoc information security assessments and

testing, as well as manage the findings.

• Analyse management and technical controls to ensure specific security and

compliance requirements are met through verification of documented processes,
procedures, and standards in order to validate the maintenance of secure
configurations.

• Monitor and facilitate the entitlements review process to ensure compliance.
• Monitor third-party risk assessments and assist in performing internal risk

assessments.

• Support development and reviews of security policies, processes, and procedures

and support service-level agreements to ensure that security controls are managed
and maintained

• Collaborate on IT projects to ensure that security policy/risk issues are addressed

throughout the project life cycle.

• Information Security Awareness - Participate in the development of information

security awareness training in conjunction with other members of the GRC. Provide
consultation, education, and awareness on information security requirements to
various levels of management and Allstars.

• Liaise with the Group Information Security Architecture team to ensure local

requirements and activities are aligned with the strategies and objectives of group
information security design.

• Monitor local guest accounts, payments, and fraud risks and advise Group Business

Security (SuperApp accounts and payments anti-fraud, Fraud Operations Team, and
Continuous Monitoring Team) on local business security requirements and threats
Requirements:

• Bachelor's Degree in Information Technology, or Business with IT, Computer Science,

or equivalent

• Minimum 6 years experience in managing Information Security

Operation/Governance, Risk Management, and Compliance, or related fields

• Relevant industry certification is an advantage (ISO 27001, CISA, CISSP, CGEIT, etc)
• Working knowledge in common IT/information security-related regulations or

standards, especially ISO 27001 and PCI-DSS

• Working knowledge of local information and cybersecurity-related regulations and

requirements is a huge advantage

• Ability to develop, review and maintain documentation in a timely manner
• Strong communication (spoken and written), interpersonal, and conflict resolution

skills. The ability to establish and maintain rapport with stakeholders is highly
desired.

• Strong analytical and critical thinking skills
• Result-oriented, high level of attention to detail, self-starter and motivator, ability to

multitask and adjust to shifting priorities
We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your best.We are committed to creating a diverse work environment and are proud to be an equal opportunity employer.

Search Firm Representatives - AirAsia does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place.