Business Information Security Officer

Prudential

  • Taipei City
  • Permanent
  • Full-time
  • 15 days ago
Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

The Business Information Security Officer (BISO) will work closely with all levels of team under PCALT, including other business departments, to develop and maintain a good understanding of the business in order to have specialized information security risk-based discussions that help ensure focus on the right risk priorities and provide guidance on information security & privacy topics, policies and controls, while at the same time supporting the consistent execution of group-wide information security and privacy programs in the business units.

Responsibilities:
  • Responsible for management of information security and data privacy for the LBU and report to Group.
  • Coaches and provides sound information security and data privacy direction, advice and consultation to business group.
  • Serves as primary point of contact for businesses, functions, or affiliates for information security and privacy.
  • Focuses on delivering business value from the information security and data privacy program.
  • Helps ensure significant information security and privacy risks, and associated control deficiencies are escalated to GISP and business Leadership for information or action.
  • Works with the business to ensure appropriate communication channels are in place, and provides information security and data privacy related updates to business, function, or affiliates as appropriate.
  • Leads regular meetings with assigned business unit management to cover pertinent security and privacy management.
  • Coaches and provides sound information security direction, advice and consultation to business groups
  • Facilitates assessments over information security management controls and third-party assessments.
  • Facilitates implementation of appropriate access using knowledge of business roles and assists management with performing regular access certifications.
  • Proactively engages the businesses to identify, document and drive remediation of risks by working with the business to design, implement or otherwise improve control activities to achieve Information Security objectives.
  • Leads data protection program within each of the business units assigned, including unstructured data classification activities.
  • Participates in the identification of Information Security Training and Awareness needs assessment on a regular basis and supports implementation of Information Security training and awareness plan and associated activities.
  • Ensures stakeholders understand the state of the controls they are accountable for and understand their responsibilities as to risk mitigation and remediation.
  • Provides direction on process improvements, remediating control gaps, and enhancing current tools for strengthening the overall information security control posture.
  • Advises the business on security policies and standards to achieve security objectives and reduce the likelihood and impact of security risks.
  • Plans and coordinates Information Security projects and initiatives within the business according to established plans and timelines.
  • Works to ensure monitoring and tracking of country, state and federal regulations pertinent to information security and privacy within the assigned business area(s).
  • Liaises and facilitates internal audit, external audit, investigation and compliance review of security activities employed by the business.
  • Coordinates the understanding and reporting on the overall information security risk posture of the business unit, providing a holistic view of vulnerabilities and associated risks to the business and Information Security.
  • Support Privacy function to implement privacy policies, standards, and procedures within Local Business Unit.
  • Advise business functions or perform PIA (wherever required) for events listed within Group Privacy Standards.
  • Work with relevant teams to ensure the company has and maintains appropriate privacy information statements, notices, data subject procedures, and consent collection and record procedures in line with local privacy regulation or Group Privacy Standards.
  • Analyze the types of breaches of any privacy law or regulation (through privacy gap analysis) within company and follow up on actions to mitigate these gaps.
  • Advise business on local reporting/notification in the event of data security breach.
  • Work closely with Local legal, Risk and Compliance to support businesses in the event of privacy complaints by data subject or regulator, and inclusion of relevant data privacy and protection terms in third party contracts.
  • Implement programs to enhance data privacy training and awareness (in coordination with Information Security).
Qualifications:
  • Language proficiency level:
    Mandarin - Spoken and Written: Fluent
    English - Spoken and Written: Conversational
  • More than 10 years of experience in the information security and privacy field, preferably in the financial services industry.
  • Familiar with and experienced in managing compliance assessments on information security and privacy related regulations and laws in Taiwan, including liaising with auditors and regulators to demonstrate control effectiveness and coverage.
  • Able to work effectively with people from various levels of the organization and spread positive "security awareness and control due-diligence" influence.
  • Technically competent to be able to translate information security topics, initiatives / programs into something that is digestible for stakeholders outside of the information security community.
  • Display subject matter experience in diverse information security areas (e.g. application security, Cloud security, Vulnerability Management, agile lifecycle management, DevSecOps, etc.).
  • Strong business acumen within the insurance / financial services industry and related operational fields.
  • Knowledge of industry control framework, best practice, and regulatory landscape
  • Risk Management - Able to provide information security advice and opinions that continuously strike the right balance between controls enforcement, risk appetite and nett risk exposure.
  • High analytical skills and the ability to analyse environments for potential risks or vulnerabilities.
  • Strong stakeholder management communication skills (written and verbal) and ability to discuss strategy at a senior management level.
  • Organisational awareness and strong emotional intelligence to successfully navigate and get things done in an organization going through change.
Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.
