DHL Express, Inc. Application Security Manager (RCS J) in Singapore

42044

Overall Role Purpose

  • Provide functional input for the EGAP Application Security framework, ensuring the development and management of application security policies, standards and regulations, best practice guidelines and support tools in line with the DPDHL security policies and Express IT Strategy.

  • Ensure compliance with the DPDHL Information Security Policy and the EGAP Security Seal Standards, and take responsibility for implementing a fit-for-purpose application security program globally.

Accountabilities

Customer

  • Implementation of EGAP Security Seal Standards in Express

  • Defines what needs to be implemented for security in all Express projects, and drives the implementation globally.

  • Drives global awareness training and implementation of the EGAP Security Seal Standards.

  • Provides reporting to CISO & IT Excom to ensure appropriate visibility to existing and new application vulnerabilities.

  • Ensures that appropriate risk mitigation actions and plans are developed by BIT, ITS and its IT service suppliers.

  • Represents the Express Information Security & Data Protection organization and constitutes the entry point for the application security assessment, risk assessment and treatment process for Customers

  • Participates in IS forums to ensure that the approach is up to date with leading-edge industry thinking

Stakeholder

  • Reports on the effectiveness of Express Application Security to Management with explicit focus on high risk / high impact assessments and actions being taken for mitigation.

  • Provides guidance and direction to the Audit function on Express potential information risk exposures

  • Coordinates application security assessment activities with entities within Express and external suppliers/customers.

  • Provides input to the design and development of management practices and solutions selected from the information security risk treatment plan

  • Performs Information Security Exemption Management for high or critical risks jointly with Business Partners

  • Maintains an Information Security reporting plan for the areas within his/her responsibility

Process

Application Security Management:

  • Analyzes IT Systems/Applications with regard to Confidentiality, Integrity & Availability

  • Supports Risk Owners in identifying and assessing threats to IT Systems and technologies

  • Implements a systematic and structured application security risk assessment process

  • Ensures that application threat and vulnerability evaluations are conducted periodically

  • Identifies and periodically evaluates information security controls and countermeasures to mitigate risks to acceptable levels

  • Integrates risk, threat and vulnerability identification into life cycle processes (e.g. development, procurement, service design)

  • Reports significant changes in application risk to appropriate levels of management and follows up to ensure remediation

People - Management

  • Ensure that the right KPIs are agreed for virtual teams and suppliers contributing to the IT Security goals for Express.

  • Plan & conduct IT security training for IT technical and business teams as required.

Desired Skills / Qualifications

  • Degree level or equivalent

  • Formal information security accreditation (e.g. CEH, CISSP, CISM, CISA, CRISC or equivalent experience)

  • 8-10 years minimum in an Information Security role

  • 5 years minimum working within a multinational, multicultural organisation

  • 5 years' experience in leading and implementing application security management processes and frameworks

  • 5 years' experience in application security testing (static/dynamic pen testing; active threat hunting experience is an added value for consideration)

  • Proven experience in implementing application security policies and risk mitigation actions

  • Broad understanding of IT security and its impact on the business

  • Strong stakeholder management - develops and manages all defined communication channels/stakeholder groups

  • Strong writing and communication skills

  • Sound analytic and reasoning skills

  • Seasoned professional in Secure Software Development Lifecycle

  • In depth knowledge of IT Security practices and methodologies