DHL Express, Inc. Application Security Manager (RCS J) in Singapore
Overall Role Purpose
Provide functional input for the EGAP Application Security framework, ensuring the development and management of application security policies, standards and regulations, best practice guidelines and support tools in line with the DPDHL security policies and Express IT Strategy.
Ensure compliance with the DPDHL Information Security Policy and EGAP Security Seal Standards, and be responsible for the implementation of a fit-for-purpose application security program globally.
Implementation of EGAP Security Seal Standards in Express
Defines what needs to be implemented for security in all Express projects, and drives the implementation globally.
Drives global awareness training and implementation of the EGAP Security Seal standard.
Provides reporting to CISO & IT Excom to ensure appropriate visibility to existing and new application vulnerabilities.
Ensures that appropriate risk mitigation actions and plans are developed by BIT, ITS and its IT service suppliers.
Represents the Express Information Security & Data Protection organization and constitutes the entry point for the application security assessment, risk assessment and treatment process for Customers
Participates in IS forums to ensure that approach is up to date with leading edge industry thinking
Reports on the effectiveness of Express Application Security to Management with explicit focus on high risk / high impact assessments and actions being taken for mitigation.
Provides guidance and direction to the Audit function on Express potential information risk exposures
Coordinates application security assessment activities with entities within Express and external suppliers/customers.
Provides input to the design and development of management practices and solutions selected from the information security risk treatment plan
Performs Information Security Exemption Management for high or critical risks jointly with Business Partners
Maintains an Information Security reporting plan for the areas within his/her responsibility
Application Security Management:
Analyzes IT systems/applications with regard to Confidentiality, Integrity & Availability
Supports Risk Owners in identifying and assessing threats to IT Systems and technologies
Implements a systematic and structured application security risk assessment process
Ensures that application threat and vulnerability evaluations are conducted periodically
Identifies and periodically evaluates information security controls and countermeasures to mitigate risks to acceptable levels
Integrates risk, threat and vulnerability identification into life cycle processes (e.g. development, procurement, service design)
Reports significant changes in application risk to appropriate levels of management and follows up to ensure remediation
People - Management
Ensure that the right KPIs are agreed for virtual teams and suppliers contributing to the IT Security goals for Express.
Plan & conduct IT security training for IT technical and business teams as required.
Desired Skills / Qualifications
Degree level or equivalent
Formal information security accreditation (e.g. CEH, CISSP, CISM, CISA, CRISC or equivalent experience)
8-10 years minimum in an Information Security role
5 years minimum working within a multinational – multicultural organisation
5 years' experience in leading and implementing application security management processes and frameworks
5 years' experience in application security testing (static/dynamic pen test; active threat hunting experience is added value for consideration)
Proven experience in implementing application security policies and risk mitigation actions
Broad understanding of IT security and its impact on the business
Strong stakeholder management - develops and manages all defined communication channels/stakeholder groups
Strong written and communication skills
Sound analytic and reasoning skills
Seasoned professional in Secure Software Development Lifecycle
In depth knowledge of IT Security practices and methodologies