Job Responsibilities

Execution of Security Measures

Implement security measures aligned with the DHL Group Information Security Target Model (ISTM) within the Asia Pacific region.Support the Regional Information Security Officer (RISO) in executing the APAC security mandate.

Security Testing and Assessments

Coordinate and execute security testing of IT services in collaboration with application development teams, product owners, and other stakeholders.Facilitate post-test discussions and triages, providing security-focused guidance.Conduct regular security assessments of critical business processes, applications, and IT systems, ensuring resolution of identified issues with product teams.Supervise penetration tests for cloud and hybrid environments, facilitating risk-based decision-making and proposing mitigations.Proactively identify weaknesses in cloud and hybrid environments and recommend remediation strategies.

Vendor and Application Security

Assist in vendor assessments from a security perspective.Provide expert consultation for assessing new applications and projects in the APAC IT landscape.

Compliance and Reporting

Manage information security processes, standards, and procedures to ensure compliance and control effectiveness.Maintain records of security activities for audit purposes and provide inputs for periodic security reporting.Support RISO in reviewing active security exemptions for regional applications.

Cloud Security

Collaborate with external Security Service Providers to ensure APAC's cloud environments are secure and compliant with group-wide ISTM standards.Coordinate and track remediation efforts for vulnerabilities identified in cloud environments.

Awareness and Communication

Represent the InfoSec function in weekly change review meetings.Support RISO in security awareness activities across the APAC region.Communicate the status of security efforts to RISO and the management team effectively.

Requirements

Minimum 5 years of experience in Information Security with exposure to Governance, Risk Management, and Compliance (GRC).Strong understanding of secured application/system development, cloud security, and security project management.Familiarity with business continuity, disaster recovery, security operations, and incident management is a plus.Proficiency in risk management and cloud security configurations (MS Azure, AWS).Knowledge of cybersecurity best practices and ISO 27000 standards.Basic scripting skills (e.g., Python, PowerShell) and strong knowledge of network security technologies.Effective collaboration with regional and remote stakeholders, including vendors.Strong verbal, written, and presentation skills in English.Industry certifications (e.g., CISSP, CISM) are an advantage.