Information Security & Compliance Officer
Toku’s mission is to help companies engage with their customers efficiently. We have helped companies move all their voice communications to the cloud and recently embarked on creating products that help companies keep engaging with their customers no matter where their employees are working from.
Toku is currently getting into a scale-up mode. We want to continue creating momentum for our products in the APAC regions and helping customers with their communications needs. As we build the Operations foundation, we are looking for an experienced Information Security & Compliance Officer who can help with Toku’s Information Security strategy and enhance a security program that identifies and addresses security and privacy risks and security requirements. Want to be part of our journey?
What would you be doing?
You will report to our Head of Operations. You will be responsible for managing the process of gathering, analysing and assessing the current and future information security and privacy threats to Toku, as well as maintaining and monitoring information security best practices as they develop. You will work across teams to drive the information security agenda and ensure that it meets complex compliance requirements. You will act as an empowered representative of the Head of Operations during IT planning initiatives to ensure that security controls are incorporated into IT projects at the design stage and expectations are clearly defined. You will also play a key role in the evaluation of current Information Security breach management processes and ensure that Toku can meet its mandatory data breach notification obligations should the need arise. If making an impact every day is important to you, and you enjoy tackling new challenges, you will love working at Toku.
- Work with the Head of Operations and technical teams to build information security programs that address information security risks and compliance requirements.
- Manage the process of gathering, analysing, and assessing the current and future threat landscape, as well as providing the team with a realistic overview of risks and threats in the enterprise environment.
- Lead the preparation of organisational Information Security audits.
- Monitor and report on compliance with security policies, as well as the enforcement of policies across Toku.
- Evaluate compliance with stakeholder requirements, including responses to requirement specifications from potential customers.
- Evaluate and update new & existing policies and procedures to ensure operating efficiency and regulatory compliance.
Architecture / Engineering Support
- Consult with Product teams to ensure that security is factored into the evaluation, selection, installation and configuration of hardware, applications, and software as part of Privacy by Design and Default.
- Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
- Research, evaluate, design, test, recommend or plan the implementation of new or updated information security hardware or software, and analyse its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
- Develop a strong working relationship with the Tech teams to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.
- Manage and coordinate operational components of security incident management, including detection, response and reporting.
- Manage the day-to-day activities of threat and vulnerability management, identify risk tolerances, recommend treatment plans, and communicate information about residual risk.
- Manage security projects and provide expert guidance on security matters for other IT projects.
- Evaluate requests for exceptions to policies, ensuring sufficient mitigating controls are in place.
- Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and follow policies and audit requirements.
Information Security Liaison
- Provide information security communication, awareness, and training to the appropriate teams in Toku.
- Engage effectively with appropriate external networks and external professional bodies.
- Stay abreast of regulatory changes including cybersecurity developments and their impact on IT requirements, including relevant data privacy requirements.
- Continuously improve processes and implement tools for policy management.
We would love to hear from you if you have:
- Degree in Computer Science or a technology-related field
- Possess 5-10 years of relevant work experience.
- Professional information security certification like Certified Information Systems Security Professional (CISSP).
- Proven experience in information security and compliance related disciplines.
- Solid knowledge of various information security frameworks including DNS, routing, authentication, VPN, proxy servers, DDoS mitigation technologies, threat modelling, firewall, and intrusion detection/prevention protocols.
- Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with Singapore regulations and standards.
- Identify acceptable levels of residual risk and assist with action plans, policy, and procedural changes for risk mitigation.
- Outstanding organizational, analytical, and troubleshooting skills