Canteen attendant

Attal Group

Bologna

On-site

EUR 128.000 - 172.000

Full-time

Yesterday

Job description

A leading global security firm is seeking a Regional Chief Information Security Officer (CISO) for APAC. This role involves overseeing security governance, compliance, and risk management across the region while ensuring alignment with global standards. Candidates should have over 10 years of experience in cybersecurity, with significant leadership experience and a strong grasp of APAC regulatory frameworks. The successful candidate will have excellent stakeholder management skills and relevant certifications like CISSP or CISM.

Skills

  • 10+ years in cybersecurity, 5+ years in a leadership role.
  • Strong understanding of APAC regulatory frameworks.
  • CISSP, CISM or equivalent certifications.

Duties

  • Act as the regional ambassador for Group Information Security policies.
  • Coordinate with Local CISO in ensuring alignment with Group standards.
  • Oversee governance of security operations in APAC.

Knowledge

Cybersecurity experience
Regulatory frameworks knowledge
Stakeholder management
Cross-functional team leadership

Education

Bachelor’s degree in Information Security

Tools

ISO 27001
NIST CSF
CISSP
CISM

Job description
Regional CISO - APAC

The Regional Chief Information Security Officer (CISO) for APAC serves as the primary security leader for the entire region, reporting to the Group CISO and with a cross‑functional reporting line to the APAC CIO. The role governs and oversees the implementation of Group security policies and programs across APAC, ensuring adherence to global standards while meeting local regulatory obligations.

Context

The Group Information Security function is dedicated to protecting the organization’s information assets through a unified, risk‑based approach to cybersecurity. The function operates across five core domains: Security Governance, Security Architecture, Operations Security, Identity & Access Management (IAM), and Data Protection & Privacy. Regional CISOs extend this governance model to their geographies, ensuring alignment with Group standards and addressing local regulatory and business requirements.

Key Duties and Responsibilities
Security Governance & Strategic Alignment
  • Act as the regional ambassador for Group Information Security policies, standards, and frameworks.
  • Govern locally the core security domains managed centrally by the Group CISO teams.
  • Ensure consistent implementation of security programs across APAC entities and sites.
  • Facilitate the adoption of Group and regulatory requirements, policies, and controls.
  • Streamline reporting into the Group CISO centralized governance and reporting framework.
Regional Oversight & Coordination
  • Oversee and coordinate with the Local CISO in India, ensuring alignment with Group standards and collecting consolidated reporting.
  • Facilitate the rollout of global security initiatives and projects within the region.
  • Support regional business units in security‑related decision‑making and risk management.
Operational Security Governance
  • Oversee governance of security operations in APAC.
  • Ensure BCP/DR plans coverage and alignment with Group.
  • Track implementation of security awareness programs adapted to APAC cultural and regulatory contexts.
Compliance & Regulatory Engagement
  • Maintain a regulatory watch for APAC jurisdictions (e.g., MAS, IRDAI, CBIRC, APRA).
  • Facilitate internal and external audits, regulatory questionnaires, and ensure timely remediation of findings.
  • Prepare and coordinate responses for local and regional regulatory inquiries and inspections.
  • Ensure timely coordination with the group incident manager and CISO for reporting of critical incidents to regulators as required by local laws.
Risk Management & Third‑Party Security
  • Facilitate regional risk assessments and integrate results into the Group risk framework.
  • Oversee the integration of third‑party security risk management for vendors operating in APAC.
  • Support secure architecture reviews for regional projects.
Reporting & Communication
  • Support the security team in the implementation of regional security KPIs, risk dashboards, and compliance status and reporting to the Group CISO.
  • Provide regular updates to APAC leadership on security posture and risk exposure.
  • Represent APAC in global security groups and forums.
Required Experience & Competencies
  • 10+ years in cybersecurity, with at least 5 years in a leadership role covering multiple geographies.
  • Strong understanding of APAC regulatory frameworks (e.g., MAS TRM, IRDAI, CBIRC, APRA CPS 234).
  • CISSP, CISM, or equivalent knowledge of ISO 27001, NIST CSF.
  • Ability to influence stakeholders and manage cross‑functional teams in a matrix organization.
Required Education
  • Bachelor’s degree in Information Security, Computer Science, or a related field.
  • Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are highly desirable.