Head of InfoSec - APAC

  • Full-time

Company Description

At Informa, no two days and no two people are the same, and you'll find the freedom, opportunity and support of a fantastic community to make a real impact. We’re an international business that connects specialists with knowledge, helping them to learn more, know more and do more through live and on demand events, digital and data-driven services and academic research. We are home to over 14,000 colleagues across 30 countries and are a member of the UK’s FTSE 100 group of leading public companies. In Global Support, we provide expert guidance and hands-on support to the Informa Group and Informa’s many business teams. Across tech, finance, legal, corporate development, HR, communications, operations and many other areas, we work collaboratively and flexibly to help our brands serve their customers and help the company succeed.

Job Description

Purpose of the Role & Team Profile

The Head of InfoSec - APAC will lead and coordinate security initiatives across the businesses within the Asia-Pacific region. This role will take strategy and policy forward and drive implementation and delivery for Information Security. The Head of InfoSec – APAC will oversee security and compliance operations within the APAC Informa divisions of Informa Plc, working closely with the Group and Divisional technology functions, Privacy and other Group and Divisional teams to deliver information security compliance.

 

The Head of InfoSec – APAC will, in the interim, report to the Group CISO and then the Director of Cyber Defence and Strategic Operations.

 

Key interactions

  • Chief Information Security Officer
  • Privacy Officer, China
  • APAC Divisional Technology teams
  • APAC Divisional Stakeholders
  • Divisional Information Security Officers
  • Head of IT Security/Cyber Operations
  • Internal Audit department, China

Key Areas of Responsibility/Accountability

  • Have region-specific understanding of the critical business assets, risks and mitigation plans
  • Drive region-specific control implementations or special programmes, where deemed necessary based on risk assessments or local regulatory requirements
  • Define and embed security-by-design principles across delivery teams
  • Liaise with local authorities and regulatory bodies to ensure compliance with local cybersecurity laws and regulations
  • Work closely with Group Privacy team
  • Work closely with legal/privacy to understand the impact of new/existing cybersecurity regulations
  • Conduct/support regular vulnerability and penetration testing across the division’s IT infrastructure and web services, working with web teams and 3rd parties to remediate any vulnerabilities
  • Monitor and report on relevant business IT systems for security and compliance best practices
  • Be the APAC first responder to any Information Protection incidents
  • Evaluate potential security incidents and recommend corrective actions
  • Identify and implement processes that methodically track: governance objectives, risk ownership/accountability, compliance with policies and conclusions that are set through the governance process, risks to those objectives and the effectiveness of risk mitigation and controls
  • Provide input into approval of changes and prioritisation of the Change Management process to ensure risks that could be introduced to the IT environment because of proposed changes are identified and adequately managed through to resolution
  • As a member of the CISO’s team, contribute to the overall strategic and operational management of Informa’s enterprise security and risk management agenda
  • Support security awareness campaigns within the region
  • Support, run or participate in Group-wide security initiatives and activities as directed and represent the APAC region at the cross-divisional Information Security meeting
  • In association with the Security Architecture team, advise APAC IT/Product teams on security architecture relating to digital design and control implementation

 

Desirable:

  • Candidates should be working in the security industry or certified in one or several areas of security, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Systems Security Certified Professional (SSCP)
  • Experience with IT Security Architecture or a System/Software Development background
  • Knowledge of web application security, data security, public cloud security as well as experience in implementing secure development and testing processes

 

Key Outputs and Outcomes

  • Implementation of Security Measures: Successful deployment of Information Security solutions & processes across the region
  • Risk Management: Identification, evaluation, and mitigation of security risks to the region’s information assets
  • Incident Response: In association with Group Information Security, enhancement and execution of regional incident response plans to handle security incidents / breaches effectively
  • Compliance and Governance: Ensuring that the region adheres to regional and global information security standards and regulations
  • Security Awareness: Support Group Information Security with training programs to improve security awareness among colleagues

 

Measures of Success 

  • Reduction in Security Incidents: A decrease in the number of security breaches or successful cyber attacks
  • Compliance Rates: Achieving high compliance rates with internal policies and external regulations
  • Response Time: Improvement in the speed and effectiveness of regional incident response
  • Stakeholder Satisfaction: Positive feedback from stakeholders regarding the Information Security measures and protocols in place

Qualifications

What we’re looking for

The ideal candidate profile will include the following points:

  • 5+ years in a cybersecurity role in a large international organisation
  • Strong fluency in both English and Mandarin
  • Clear and abiding interest in information security
  • Experience in implementing a secure development lifecycle and working with Privileged Access Management
  • Ability to identify areas for improvement and recommend how to improve them
  • The ability to interact with Informa colleagues, build good relationships at all levels and across all business units and organisations, and the ability to influence stakeholders of all levels
  • Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical and nontechnical audiences, flexes style to suit the needs of the audience
  • Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams
  • Demonstrable experience of managing and motivating cross-functional, interdisciplinary teams to achieve tactical and strategic goals in a matrixed organisational structure
  • Highly self-motivated and directed, with keen attention to detail
  • A good understanding of security frameworks including ISO27001 / NIST / CIS / COSO / RMF / PCI DSS / HIPAA
  • Awareness and experience of China Personal Information Protection Law (PIPL) and Multi-Level Protection Scheme (MLPS)

Additional Information

We work hard to make sure Life at Informa is rewarding, supportive and enjoyable for everyone. Here’s some of what you can expect when you join us. But don’t just take our word for it – see what our colleagues have to say at LifeAt.Informa.com

Our benefits include:

  • Great community: a welcoming culture with in-person and online social events, our fantastic Walk the World charity day and active diversity and inclusion networks 
  • Broader impact: take up to four days per year to volunteer, with charity match funding available too
  • Career opportunity: the opportunity to develop your career with bespoke training and learning, mentoring platforms and on-demand access to thousands of courses on LinkedIn Learning. When it’s time for the next step, we encourage and support internal job moves
  • Time out: annual leave plus a birthday leave day and the chance to work from (almost!) anywhere for up to four weeks a year 
  • A flexible range of personal benefits to choose from, plus company funded private medical cover
  • A ShareMatch scheme that allows you to become an Informa shareholder with free matching shares
  • Strong wellbeing support through EAP assistance, mental health first aiders, access to health apps and more
  • Recognition for great work, with global awards and kudos programmes 
  • As an international company, the chance to collaborate with teams around the world

We’re not solely focused on a checklist of skills. We champion energy and ambition and look for colleagues who will roll their sleeves up, join in and help make things happen. If it sounds like a match and you have most – although not all – of the skills and experience listed, we welcome your application. If you would like to request reasonable adjustments or accommodations to assist your participation in the hiring process and/or in the advertised position, please inform the appropriate Talent Acquisition Partner for the role once they have been in touch. Your request will be reviewed and considered in confidence. At Informa, you'll find inclusive experiences and environments where all perspectives and backgrounds are welcomed. As part of this approach and our diversity and inclusion commitments, we are also formally an Equal Opportunities Employer. This means we base decisions on relevant qualifications and merit and do not discriminate on the basis of key characteristics and statuses, including all of those protected by law. Ask us or see our website for full information.


See how Informa handles your personal data when you apply for a job here.
