APAC Regional Information Security Risk Manager

Primary Function 

The APAC Regional Information Security Risk Manager will develop strategic objectives based on Enterprise Cyber Security direction; lead implementation of cyber security program; cyber awareness alignment across regional lines of business.

The APAC Regional Information Security Risk Manager will develop strong understanding of the APAC business presence.  The role will develop strong understanding of regional cyber laws as well as the cyber risks in the region and formulate strategies to mitigate such risks. This role is the key point of contact for all Cybersecurity related matters, ensuring delivery and support of all Enterprise Cyber Security programs and solutions in the region.

This role will work directly and collaboratively with Enterprise Cyber Security and IT functions, local IT teams and local business partners.
 

Core Job Responsibilities:

• Align the regional / country business leadership’s direction with Enterprise Cyber Security strategy.
• Be Enterprise Cyber Security liaison in the region / country and the main cyber contact for the region / country.  
• Facilitate and bring security oversight to integration of Abbott’s acquisitions in the region. 
• Serve as the regional cybersecurity leader to provide oversight to regional cybersecurity staff with direct or dotted line relationship to the role to support effective delivery of global cybersecurity services
• Represent Abbott’s position on cybersecurity in approved external industry forums, such as APAC MedTech and others.
• Oversee and manage implementation of applicable cybersecurity certifications and directives for regional business units to comply with contractual and regulatory responsibilities
• Represent each part of Enterprise Cyber Security within the region– 
  • Governance & Policy – be the subject matter expert on Regional cyber laws, requirements as well as global Abbott cyber policies.  Identify gaps and propose changes or edits to local or global policies. Facilitate the implementation of cyber-requirements needed to be met within the country / region. Be the subject matter expert on local cyber laws and compliances.
  • Risk Management – Assess the cyber risk within the region / country.  Maintain visibility and awareness to cyber risks. Keep Enterprise Cyber Security as well as in country / region teams (IT, affiliate, business) informed of the current risk posture and recommended controls to alleviate the risk. 
  • Incident Response (IR) – assist in region / country connect with the Cyber Incident Response team when a Cyber incident is identified.  Be the in country / region IR liaison during a cyber incident.
  • Education & Awareness – work on cyber training and awareness programs that are focused on the region and country. Work with the Education & Awareness team to create content and training for the region / country.
  • Operations – Assist Operations with technical issues pertaining to cyber tools and technology
     

Education and Experience Required:

• Bachelor's degree in Information Security, Computer Science, or related field; or equivalent experience
• 10+ years of hands-on experience directly related to the area of threat and vulnerability management, web application security, penetration testing or cyber threat intelligence
• Experience with large scale environments like Abbott
• 3+ years with vulnerability scanners like Rapid 7, InsightVM, Qualys, OpenVAS