Overview The APAC BISO Infosec Lead is a strategic partner to the business and is responsible for supporting information security risk management within the sector. This role requires both business engagement and technical security skillsets to assess, mitigate, and remediate security risks, driving security initiatives within the sector and promoting security awareness. This role will need to partner with various functions like sector Infrastructure and Operation, sector Enterprise Architecture, Global security teams and key sector business functions to drive a culture of security within APAC. Responsibilities Security Risk Management: Partnered with S&T I&O teams, to ensure a secured Cloud, Infrastructure, network and workplace foundations within APAC. Serve as the primary security contact to lead the risk analysis & identification, drive risk mitigation and remediation, also provide appropriate security advices of any gap/opportunity within the I&O domain. Specially dedicate on define and execute the China Cloud Security improvement plan. Partnered with Supply Chain and Global OT Security teams, to support the OT Security program implementation and operationalization in APAC. Also provide appropriate security advices of any gap/opportunity within the OT Security domain. Secure From the Start: Partner with sector and business unit deployment leads, sector EA team and various global information security functions to establish a Secure from the Start in APAC. Provide infosec advices and requirements at project early stage, support in security design and security validations throughout project lifecycle. Third-Party Security Risk Management: Collaborate with the third-party security risk management team to establish a systematic 3rd party security risk management framework in APAC. This includes define 3rd party security risk mgmt. priorities, support in assessments, issues, remediation and stakeholder reporting. Business Engagement & Stakeholder Management: Develop and implement strategies to engage business functions on information security matters, support in transforming infosec as a trusted partner across APAC. Build and maintain relationships with key stakeholders to ensure alignment with security policies, standards, and strategy. Address stakeholder resistance and foster collaboration between business and information security. Training and Awareness: Support in various Information Security and OT Security awareness programs to build a stronger security culture in APAC. Vulnerability Management: Support vulnerability mitigation and remediation plan development within assigned domains. Collaborate with Attack Surface Management to understand security impacts of complex technical issues. Security Exception Management: Support, track and remediation of sector-based security issues and exceptions. Incident Response: Provide support to the business unit during security incidents, in collaboration with the Global Incident Response function, and assist with after-action engagement programs and post-incident activities. Qualifications Bachelor’s degree required 6+ years as Information Security Expert/Manager or similar experience Experience with security risk management, vulnerability management, endpoint and Infrastructure security, data classification and data security etc. Experience of Cloud Security basis and various cloud security products available on Azure, Alicloud Knowledge of OT Security domain is preferred Well versed in Cybersecurity Framework like NIST, ISO27001, PCI DSS Well versed in local cybersecurity regulations like CSL, DSL, PIPL, MLPS, CBDT etc. CISM, CISSP certifications or relevant certifications required Written/spoken English proficiency required Strong interpersonal and oral communication skills. High level of analytical and problem-solving abilities. Strong understanding of both IT and Information Security goals and objectives. Highly self-motivated and directed. Experience working in a team-oriented, collaborative environment. Ability to manage multiple priorities and work across multiple organizations and teams