The Sr. Manager Information Security Officer is responsible for establishing and maintaining a company-wide information and security management program to oversee protection of people, assets, infrastructure, and technology from malicious attacks and to ensure that information assets are adequately protected to meet local privacy and security regulations. The role also serves as the focal point for all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee, and business information in compliance with the J&J Information Asset Protection Policies. A key element of Korea, the manager will work with executive management to determine acceptable levels of risk for the organization.
[Responsibilities]
The officer appointed locally in South Korea for the cross-sector J&J Korea companies will follow the roles and responsibilities below, as defined by South Korea privacy and security laws:
Establish, manage, and operate information security management system
Analyze, assess, and improve information security weaknesses
Prevent and respond to data breach or data incidents as a focal reporting point for any security related incidents
Prepare preventive information protection measures, design, and implement security measures, etc.
Review of information security risk
Assess whether the level of encryption and security server for important data are adequate
Carry out other necessary measures for information security as required by Korea PIPA and Network Act, including ISMS certification, annual information security public disclosure to the Ministry of Science & ICT, and cybersecurity insurance.
Responsible for response to inquiries or investigations from Personal Information Protection Commission (PIPC), Korea Internet & Security Agency (KISA) or similar regulatory authorities
Review and rebaseline changes in privacy and security laws, working closely with the privacy and legal team
Externalize and participate in privacy and security legislation process
Engage with local legal on regulatory requirements and regulator engagement
Lead Korea Privacy & Security project by providing advice and security guidance
Alignment on Risk mitigation and reduction to meet local regulation
Participate in business planning to ensure cybersecurity capabilities are appropriately considered and included in plans (budget, resource).
Actively advise, assess and lead Business and IT partners in the development of secure information systems and solutions in line with organization’s cybersecurity architecture, IAPP policies and regulatory requirements.
Lead activities for security audit preparation, hosting and follow-up activities and to propose strategies to improve performance in audits.
Facilitate education and training to the organization on cybersecurity procedures and controls.
Provide leadership and drive employee engagement with ownership in the Information Security Committee.
Connect with and report valuable metrics to management and senior leadership.
Timely reporting of security incidents or significant security problems to appropriate personnel.
Act as the main point of contact for security issues for their area of influence.
[Requirements]
A Bachelor’s degree in information security or information technology and a minimum of 10 years of progressive experience in the information security or information technology sector.
Professional security management certification
Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
Experience with implementation or review of compliance with local/ international security standards or regulations is preferred
Security certifications such as CISSP, CCSP, ISSAP, CISM, etc. are preferred
Excellent written and verbal communication skills and high level of personal integrity
Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
Qualified as an ISMS (i.e., information security management systems) certification review member who has been certified by the pertinent certification body for information security management systems; or
Review penetration reports and consult with the project team and Sr. leaders
Experience in design and implementation of enterprise (security) architecture, cloud security (e.g. AWS, Azure) and/or development of IT solutions or services.
Experience in securing various levels of the enterprise architecture (data, application, host, middleware, network, Infrastructure)
Experience working in complex, fast-paced environments
Experience supporting, leading and influencing security assessments (e.g. SOC Type 2 reporting, PCI, ISO 27001).
Big Picture Thinking / Attention to Detail – align strategic and tactical
Previous experience developing effective and strong partnerships along with relationship building skills with business leaders and IT Partners
Results Orientation/Sense of Urgency – ability to drive to short timelines
Excellent interpersonal skills
Creative problem-solving skills
Customer focus (internal & external)
Fluent in English and Korean (verbal and written)
Superb communication and collaboration skills, able to network and influence various levels of the organization, cross sector, cross-functionally and globally
Proven ability to influence/collaborate to get to desired result