Travel Retail - IT & Security Manager

Apply now »

Date: 25-Sep-2022

Location: Singapore, 01, SG

Company: Shiseido

MAIN PURPOSE

 

The IT and Security Manager is tagged to Shiseido Travel Retail (STR), whose regional headquarter is based in Singapore.

 

Reporting to the Business System & Process Director, the incumbent is responsible for the IT security landscape of STR and will be in charge of securing the ecosystem, managing data privacy and protection, as well as ensuring the quality of security activities in all TR Markets (including Singapore, EMEA, America, Japan, and Greater China).

 

The incumbent will lead and manage complex projects, support all IT related activities for STR and will work independently to manage the technical constraints.

 

KEY RESPONSIBILITIES

 

IT Security

The incumbent is responsible for enforcing the group's safety policy and standards in STR.

  • Formulate the information security strategies that are aligned to group directions and cater to STR requirements.
  • Lead the development of security and compliance standards in coherence with the group (data classification, cryptography standards, IT charter, JSOX, GDPR).
  • Collaborate with the Group ICT team to define and develop the safety policy, security governance and associated processes for STR.
  • Work closely with related departments to assess the potential IT/security risks within STR, (including the evaluation of security risks of internal and external apps/tools) and put forth recommendations for security control implementation.
  • With guidance from Shiseido Group’s Security team, lead the implementation of security projects and IT solutions for STR, including the evaluation and management of security partners, as well as closely monitor to ensure IT policies have been adhered to within STR.

 

Data privacy management

  • Implement the data privacy for STR per the Shiseido Security Group.
  • Monitor the compliance of the Personal Information Protection Law across TR markets.
  • Provide guidance to stakeholders to manage data risks and prevent the occurrence of data privacy-related incidents.
  • Lead the investigation by partnering closely with service providers and the business leads to conduct relevant testing to diagnose data privacy incidents and subsequently, advise on how to best manage the situation.
  • Maintain documentation of key functional and technical documents related to data privacy.
  • With guidance from HQ, define and deploy the processes/controls of personal data to ensure GDPR compliance (follow EMEA DPO and accountable to HQ) and adhere to country-specific privacy law (such as PDPA/privacy act in Japan).
  • Ensure IT security, privacy requirements are integrated at the design stage of each project.

 

IT Infrastructure

  • Maintain local infrastructure and network (incl. VPN) for STR to ensure optimal operations and to prevent disruptions.
  • Partner with IT shared service to ensure effective implementation of infrastructure across STR.

 

IT Governance & crisis management

  • Manage the crisis of system outages and security attacks.
  • Establish and continue to refine the business continuity plan.
  • Represent STR and join forces with global/regional IT teams to execute projects.

 

 

REQUIREMENTS

  • Bachelor’s degree in Computer Science, Information Systems, or equivalent education
  • 8 – 12 years of relevant experience in IT infrastructure and Security
  • Advanced understanding of Security incident management and ITIL environment
  • Expertise in Privacy and Data Protection
  • Familiarity with China environment (on data privacy) is an added advantage
  • Demonstrate robust problem-solving skills and experience in critical infrastructure solutions
  • Familiarity with a global environment and comfortable working with stakeholders located in different regions
  • Strong written and verbal communication skills
  • Collaborative and proactive
  • Candidates with experience in the Security & systems: Zscaler (Proxy), PA / Fortinet (FW-IPS), Proofpoint (Antispam), CloudFlare (WAF), Okta/RSA SecureID (IAM), Kaspersky (Antivirus) will have an added advantage.


Job Segment: Compliance, Travel Industry, Manager, Legal, Travel, Retail, Management