Information Security Specialist - Military veterans preferred

Job Responsibilities

Execution of Security Measures

• Implement security measures aligned with the DHL Group Information Security Target Model (ISTM) within the Asia Pacific region.
• Support the Regional Information Security Officer (RISO) in executing the APAC security mandate.

Security Testing and Assessments

• Coordinate and execute security testing of IT services in collaboration with application development teams, product owners, and other stakeholders.
• Facilitate post-test discussions and triages, providing security-focused guidance.
• Conduct regular security assessments of critical business processes, applications, and IT systems, ensuring resolution of identified issues with product teams.
• Supervise penetration tests for cloud and hybrid environments, facilitating risk-based decision-making and proposing mitigations.
• Proactively identify weaknesses in cloud and hybrid environments and recommend remediation strategies.

Vendor and Application Security

• Assist in vendor assessments from a security perspective.
• Provide expert consultation for assessing new applications and projects in the APAC IT landscape.

Compliance and Reporting

• Manage information security processes, standards, and procedures to ensure compliance and control effectiveness.
• Maintain records of security activities for audit purposes and provide inputs for periodic security reporting.
• Support RISO in reviewing active security exemptions for regional applications.

Cloud Security

• Collaborate with external Security Service Providers to ensure APAC's cloud environments are secure and compliant with group-wide ISTM standards.
• Coordinate and track remediation efforts for vulnerabilities identified in cloud environments.

Awareness and Communication

• Represent the InfoSec function in weekly change review meetings.
• Support RISO in security awareness activities across the APAC region.
• Communicate the status of security efforts to RISO and the management team effectively.

Requirements

• Minimum 5 years of experience in Information Security with exposure to Governance, Risk Management, and Compliance (GRC).
• Strong understanding of secured application/system development, cloud security, and security project management.
• Familiarity with business continuity, disaster recovery, security operations, and incident management is a plus.
• Proficiency in risk management and cloud security configurations (MS Azure, AWS).
• Knowledge of cybersecurity best practices and ISO 27000 standards.
• Basic scripting skills (e.g., Python, PowerShell) and strong knowledge of network security technologies.
• Effective collaboration with regional and remote stakeholders, including vendors.
• Strong verbal, written, and presentation skills in English.
• Industry certifications (e.g., CISSP, CISM) are an advantage.