
Business Information Security Officer

ALLEN OVERY SHEARMAN STERLING LLP

Singapore

On-site

SGD 80,000 - 120,000

Full time

Today

Job summary

A global law firm is seeking a Business Information Security Officer in Singapore to implement and align the firm's security strategy across the APAC region. This role requires a minimum of 8 years in information security focused on risk management and compliance. You will act as a liaison between global leadership and regional teams and ensure compliance with industry standards. The position offers a variety of benefits such as medical insurance, income protection, and more based on employee welfare and service length.

Benefits

Occupational pension scheme
Private medical insurance
Health and wellbeing services

Qualifications

  • Minimum 8 years of experience in information security.
  • Proven experience in a global organisation.
  • In-depth knowledge of data protection regulations like GDPR.

Responsibilities

  • Act as the primary liaison between the Global CISO and regional teams.
  • Ensure compliance with local regulations and global policies.
  • Lead implementation of regional security initiatives.

Skills

Risk management
Compliance
Leadership
Communication
Interpersonal skills
Integrity
Judgment

Education

Bachelor’s degree in Computer Science or related field
Industry-recognised certifications such as CISSP, CISM

Job description

We have an exciting opportunity for a Business Information Security Officer to join our growing Information Security team at the A&O Shearman Singapore Office.

Department purpose

The firm’s ability to keep our clients’ data secure is a bedrock for our reputation as a trustworthy professional services partner to many of the world’s large and prestigious organisations. Information security is not an afterthought; it is core to all that we do, to protect not only our data but that of our clients, and has the unwavering support of the Board.

The in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman’s strategy to lead where global complexity creates opportunity.

In addition, you will have the opportunity to share and gain intel from the firm’s cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feed back practical lessons learned into clients’ cyber risk management and incident response programmes.

Role purpose

The APAC Business Information Security Officer (BISO) is responsible for aligning and implementing the firm’s global information security strategy across the Asia‑Pacific region. Acting as a trusted liaison between the global information security leadership and regional stakeholders, the BISO ensures that global directives are effectively executed while addressing region‑specific challenges. The role supports both global and regional teams by identifying solutions that balance local constraints with global security objectives.

What you will do
APAC Regional Advocacy and Strategic Alignment
  • Act as the primary liaison between the Global CISO and regional leadership, IT, and information security teams, ensuring that directives and initiatives are implemented at the regional level across all business units in the APAC region.
  • Build deep relationships with key business leaders in the region, understanding their strategic objectives and how information security may help or hinder those objectives.
  • Build and maintain a strategic roadmap for the region which aligns with both business and client priorities, making use of an intimate understanding of the regional business.
  • Ensure regional understanding and alignment with the firm’s global information security strategies, goals, and objectives.
  • Advocate for global security initiatives and secure buy‑in from regional business and IT stakeholders.
  • Maintain a contemporary view of geopolitical dynamics and threat landscape, recommending appropriate management plans.
  • Serve as a trusted advisor to APAC Partners and business units on:
    • Global security strategy
    • Emerging threats in the legal sector
    • Security initiatives in other regions
    • Other relevant developments
APAC Regional Compliance and Policy Development
  • Assist in developing and maintaining global information security policies, incorporating region‑specific requirements where necessary.
  • Ensure compliance with local regulations (e.g., CSL) and industry standards (e.g., ISO 27001, NIST CSF).
  • Monitor and enforce compliance with information security policies across regional business units.
  • Provide compliance guidance to regional stakeholders.
  • Develop and maintain regional security performance metrics and dashboards for leadership reporting.
APAC Regional Support and Implementation
  • Support global and regional teams in overcoming region‑specific barriers to initiative delivery.
  • Communicate regional concerns to global leadership and facilitate mutually acceptable solutions.
  • Lead the implementation of region‑specific security initiatives aligned with global strategy.
  • Advise stakeholders on regional and global security threats and risk levels.
  • Maintain a regional risk register and report key risks to the Global CISO and regional leadership.
  • Enhance security awareness across APAC business units.
  • Collaborate with HR and Learning & Development to deliver targeted training and capability‑building programs.
Operational Oversight
  • As part of the Office of the CISO, act as an escalation point for security incidents, including fulfilling the role of incident commander on a follow‑the‑sun basis. This may involve, for example, providing oversight during APAC office hours for an incident affecting Europe.
  • Act as the regional escalation point for local or global security incidents and coordinate with global incident response teams.
  • Oversee third‑party vendor assessments to ensure compliance with security standards.
  • Contribute to regional security budgeting and resource planning to ensure adequate support for regional strategic initiatives and operational resilience, without undermining the plans and objectives of the global firm.

What you will have

Essential
  • Minimum 8 years of experience in information security, with a strong focus on risk management and compliance.
  • Proven experience in a global organisation.
  • In‑depth knowledge of data protection regulations (e.g., GDPR) and industry standards (e.g., ISO 27001, NIST CSF, SOC 2).
  • Strong leadership, communication, and interpersonal skills with the ability to influence stakeholders at all levels.
  • Outstanding written and verbal presentation skills.
  • High levels of integrity and sound judgment.
  • Ability to manage multiple priorities in a fast‑paced, dynamic environment.
  • Industry‑recognised certifications such as CISSP, CISM, CRISC, or CISA.
Desirable
  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • At least 2 years of leadership experience in the legal or professional services sector.
  • Proficiency in one or more APAC regional languages in addition to English.
  • Ability to communicate complex cybersecurity concepts to non‑technical audiences.
  • Experience leading cyber risk transformation initiatives in matrixed organisations.
  • Broad cyber security knowledge across people, processes, technology, and incident management.

What we can offer you

We recognise that our people are our most valuable asset, which is reflected in the wide range of benefits that are available to our employees. Some of these benefits include: our occupational pension scheme, group income protection cover, private medical insurance, mental health resources and free apps, health and wellbeing services encompassing GP service, emergency back‑up care support, parental and special leave, holiday entitlement increasing with length of service, holiday trading, online discounts and lifestyle management services.
