As a Business Security Manager at Indonesia AirAsia, you will report directly to the Group CISO to provide advice, consultation, and awareness of the Group Information Security requirements to technical teams and other employees, and ensure their implementation. You will be responsible for ensuring internal systems and processes in Indonesia are compliant with information security standards (e.g., ISO 27001, PCI DSS, CIS, NIST CSF, etc.); monitoring, managing, and closing information security compliance issues. Other responsibilities include identification, evaluation, and interpretation of standards, regulatory, statutory, and member security requirements, control deficiencies, and information security risks. You are the primary point of contact during information security incidents and are responsible for managing the incident.
WHAT YOU'LL CHAMPION:
Stakeholder Collaboration and Management
- Act as the primary cybersecurity leader across the business for Thailand, aligning enterprise cybersecurity strategy and roadmap with business objectives.
- Drive and prioritise implementation and integration/adoption of security capabilities within the BU, including embedding security into business digital projects and operations.
- Ensure the business-specific threat landscape, risks, and regulatory drivers are clearly articulated to the CISO teams and validate cyber architecture decisions that meet the business's operational and compliance needs.
- Provide Strategic Threat Briefings to Business Leadership.
Cyber Governance Risk Compliance (In-Country)
- Operationalise Cyber Security Risk Management capabilities such as Business Impact Assessment of the Business unit's digital portfolio of services and applications to identify Crown jewels to be protected in line with Risk appetite.
- Deployment of relevant cybersecurity controls, including required local regulatory compliance, to ensure digital solutions, both applications and services, are developed with a secure-by-design principle.
- Drive Cyber Risk acceptance, risk mitigation, finding management processes, and risk reporting consistently to ensure Cyber Risks are managed and residual risks understood by the leadership.
- Represent cybersecurity in external audits, customer security reviews, and regulatory submissions.
- Be actively involved in and drive preparations for Business Continuity and Disaster Recovery drills for critical business processes and crown jewels.
- Work with the in-country Data Protection Officer(s) of AirAsia Aviation on data security requirements.
Cyber Defence (In-Country)
- Work with Enterprise Cyber Defence to ensure business assets (e.g., endpoints, network devices, applications, business users, etc.) are updated for purposes of security monitoring and vulnerability management
- Coordinate business communication, impact analysis, business post-incident review, and remediation with the business teams and in compliance with local regulations
Change Management
- Champion Cyber Security Change program activities to drive awareness and behaviours across the business unit and increase Cyber Resilience
- Drive implementation and integration/adoption of security capabilities and change management to ensure business alignment and effectiveness.
- Provide business-level security KPI/KRI (e.g., patch compliance, phishing click rates, third-party risk ratings) dashboards and reports to business leaders and the enterprise CISO.
WHO YOU ARE:
- Bachelor's Degree in Information Technology, or Business with IT, Computer Science, or equivalent
- Minimum 6 years of experience in managing Information Security Governance, Risk Management, and Compliance, Projects/Change Management or related fields
- Relevant industry certification is an advantage (ISO 27001, CISA, CISSP, CGEIT, etc.)
- Working knowledge of common IT/information security-related regulations or standards, especially ISO 27001 and PCI-DSS
- Working knowledge of local information and cybersecurity-related regulations and requirements is a huge advantage
- Ability to develop, review, and maintain documentation in a timely manner
- Strong communication (spoken and written), interpersonal, and conflict resolution skills. The ability to establish and maintain rapport with stakeholders is highly desired.
- Strong analytical and critical thinking skills
- Result-oriented, high level of attention to detail, self-starter and motivator, ability to multitask and adjust to shifting priorities.