Information Security Analyst

Job Posting: 10/01/2017
Schedule:
Travel: Yes, 5% of the time
Requisition ID: 170006BL

Job Description

Position Profile

Job Description / Position within Group / Span of Control

Title: Information Security Consultant
Division: Information Security
GWP or Budget responsibility (in USD): none
Position held by:
BU: APAC Operations
Overall FTE / Direct Reports / 3rd Party: none
Reporting to: Business Information Security Officer (Malaysia)
Department: IT Services
Local / Regional / Global
WW Grade (if known):

Role and Context / Need to do / Need to know

SUMMARY:
 
The Information Security Consultant is primarily responsible for overall information security governance in Malaysia. As part of the Regional Information Security team, the role will also be assigned regional responsibilities to ensure information security missions are consistently and effectively executed across the region.
 
KEY TASKS & RESPONSIBILITIES
 
Key responsibilities will be to support the Business Information Security Officer (Malaysia) in the following:
  • Information Security governance
    • Maintain good understanding and governance on IT security controls in Malaysia
    • Drive remediation actions to fix security control gaps
    • Security consultancy on business, IT and security projects (including major changes)
    • Validate security metrics provided by Group and drive remediation (e.g. security vulnerabilities, coverage of security technologies, application security, technical control compliance, etc.)
  • Information Security & Risk Reporting
    • Share regional and BU-level IT security dashboards to help BU management understand IT security risk exposure
    • Collaborate with Risk Management to assess Cyber risk exposure for BUs
  • Information Security, Risk and Compliance Assessments
    • Engage with business/IT and coordinate/perform the following assessments and drive remediation:
        • Cloud security assessments
        • Vendor assessments
        • Business / IT Application assessments (incl. pre & post implementation reviews, major changes)
        • Regulatory assessments (local regulations, PCI, etc.)
        • IT Compliance assessments
        • IT Risk assessment (e.g. M&A)
        • Themed security reviews
    • Exception management
  • Application Security
    • Collaborate with business / IT to ensure application security controls are implemented throughout the application development life-cycle (supported by the Global Application Security team)
  • Security Awareness & Education
    • Drive BU level security awareness and education program
    • Facilitate global Security Awareness & Education initiatives at the BU level
  • Security Incident Response
    • Coordinate and facilitate IT security incident response and forensic investigations (supported by the Global Cyber Response team)
  • Security Threat Intelligence
    • Ensure actions recommended by global Cyber Threat Intelligence team are completed at the BU level
    • Communicate Cyber threat alerts to the BUs
 
 
RELATIONSHIPS:
 
Internal / External
Internal relationships should focus on matrix relationships where required for this role.
 
Internal:
  • Global Information Security team
  • APAC IT Services team
  • Sourcing & Procurement
  • Group Operations & Technology
  • Group Audit
  • Local Risk/Legal/Compliance
  • Chief Operating Officers (COOs)
  • Chief Information Officers (CIOs)
 
 
External:
  • External auditors
  • Assurance organizations
  • Industry bodies (e.g. ISF)
  • Service Providers and Suppliers
  • Vendors & Outsource Suppliers
 
TRAVEL & OTHER REQUIREMENTS
 
Requires occasional travel to business division headquarters, corporate center or conference locations; travel will typically not exceed 10%.
 
QUALIFICATIONS/EXPERIENCE
 
  • University degree or equivalent experience.
  • Minimum 4-6 years of professional experience, with 4+ years in information security or related fields.
  • Ability to communicate security-related concepts to a broad range of technical and non-technical staff.
  • Risk management and IT security skills
  • Experience in a complex matrix environment.
  • CISSP, CISA, and CISM certifications are a plus
 
KNOWLEDGE:
 
  • Strong communication skills
  • Strong integrity and highly ethical
  • Effective in influencing and persuasion
  • Background in security/risk related topics and technologies
  • Working knowledge of regulatory compliance drivers
  • Management skills in structuring and managing teams
  • Vendor management
  • Security architecture knowledge
 
TECHNICAL SKILLS
 

  • General, working understanding of security concepts and architectures
  • General, working understanding of IT security and compliance controls
  • Understanding of operating system platforms and security models
  • Understanding of a holistic set of IT technologies and processes (operating systems, databases, networking, web/application, change management, SDLC, disaster recovery, monitoring, help desk)
  • General knowledge of regulatory requirements relevant to the business
  • Local language skills plus English language proficiency

 
 

 
Zurich Core Competencies
For each core competency, tick the descriptor that best matches the requirements for this role:
 
 
 
Change
Operates effectively in change situations
 
Level 4 (advanced): Initiates, sponsors and leads change in a complex environment; resourceful, composed & patient in pioneering new solutions
Level 3: Actively spots and evaluates changes in customer needs; drives & promotes change; positively adjusts behaviour to new situations
Level 2: Agile and flexible; modifies viewpoint as appropriate with different situations & people
Level 1 (basic): Actively adapts to change while sustaining high quality
 
 
 
Results
Gets things done, using appropriate techniques in a timely & effective manner, to budgetary and other financial standards.
 
Level 4 (advanced): Models, directs and takes accountability for the tenacious pursuit of & passion for outstanding, sustainable results
Level 3: Strongly focuses on efficient use of resources to maximize performance delivering relevant and secure solutions for our customers
Level 2: Drives towards goals, anticipates obstacles and overcomes setbacks
Level 1 (basic): Works in a responsible, results-driven & systematic way
 
 
 
Collaboration
Works & communicates constructively with others, placing collective success above individual gain.
 
Level 4 (advanced): Creates & sponsors cooperative, synergistic high performing teams and recognizes collective success
Level 3: Develops formal & informal internal & external networks across business units, business divisions and functions to nurture collaborative efforts
Level 2: Thoughtfully facilitates consensus-building across function or business unit
Level 1 (basic): Works in a responsible, cooperative and respectful way; acts as a One Zurich team player. Communicates openly and professionally
 
 
 
Customers
Delivers a high level of service internally & externally.
 
Level 4 (advanced): Creates organizational capability to deliver customer value. Builds sustainable customer relationships based on anticipating and incorporating market trends and customer insights.
Level 3: Proactively anticipates and exceeds customer expectations by building a distinctive experience.
Level 2: Continuously finds new ways to resolve customer needs with relevant solutions.
Level 1 (basic): Understands and successfully addresses customers’ desires & expectations; treats customers fairly
 
 
 

 
 
Interpersonal
Develops & maintains trust-based relationships.
 
Level 4 (advanced): Inspires others, promotes an environment that fosters trust and confidence, and inclusiveness. Deepens and extends relationships within and outside Zurich.
Level 3: Displays empathy, values and leverages diversity; develops meaningful relationships within and outside Zurich.
Level 2: Approachable; actively and effectively builds and maintains relationships.
Level 1 (basic): Proactively shares knowledge; respects others, including their ideas & contributions.
 
 
People
Realizes full potential of self & others and pursues development opportunities.
 
Level 4 (advanced): Takes full accountability for talent management in the organization, demonstrates sustained performance in managing and inspiring people.
Level 3: Pursues stretch assignments for self and others that build on potential. Openly addresses difficult people issues and conflicts in a constructive manner.
Level 2: Seeks and delivers direct feedback and creates opportunities for development and follows through on developmental commitments; encourages others to excel.
Level 1 (basic): Takes accountability for own actions; encourages others to contribute.
 
 
Strategy
Actively contributes to the achievement of the organization’s strategy.
 
Level 4 (advanced): Anticipates global market conditions and trends; influences, shapes and drives organizational strategy.
Level 3: Translates Zurich Strategy for business unit or function; builds strategy to account for long-term trends, threats & opportunities.
Level 2: Understands the organizational issues and external circumstances that affect the function or business unit and aligns own and team’s actions with strategic direction.
Level 1 (basic): Demonstrates awareness regarding “Zurich Strategy” and acts accordingly.
 
 
Innovation
Generates innovative solutions through creative, original thinking.
 
Level 4 (advanced): Identifies opportunities and champions initiatives that anticipate customer needs before the market; facilitates the sharing of insights wherever they come from.
Level 3: Demonstrates bold, cutting-edge mindset; develops and applies solutions that confront the status quo & drive growth.
Level 2: Pioneers original & creative ideas that influence business decision-making; resilient in the face of challenge.
Level 1 (basic): Curious; seeks and realizes new solutions within role, business unit or function.
 
 