Logo of Phnom Penh Post newspaper Phnom Penh Post - Senior Information Security Officer

Senior Information Security Officer



POSITION/TITLE: Senior Information Security Officer
REPORTS TO: Manager of Information Security
SUPERVISE: Information SecurityOfficers
LOCATION: Phnom Penh, Cambodia


The Senior Information Security officer will direct and oversee information related functions such as IT Governance, Risk and Compliance. Collaborating with various teams, the Senior Information Security Officer will help define and implement standards based security best practices and policies. The Senior Information Security Officer will manage a close relationship with IT and other business units in order to balance security needs with operational and business requirements. The Information Security Manager will oversee the management and mitigation of identified risks and keep the risk register up-to-date.


♦ To develop and maintain the information security policy and accompanying standards, procedures and guidance
♦ To promote security awareness by developing and implementing a security awareness and training programme
♦ Create and execute strategies to improve the reliability and security of IT projects
♦ Work with internal stakeholders to develop relationships to help promote and improve information security and provide security advice on procurements, projects and new initiatives as required
♦ Act as a key liaison between upper-level management, programmers, risk assessment staff and auditors
♦ To investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken
♦ Ensuring the security of all key business systems and applications
♦ Manage a diverse team of security administrators and analysts
♦ Assess, test and select new security products and technologies


Other Duties
♦ Assist CBC management with other tasks as required;
♦ Take initiative in doing other task appropriately; and
♦ Other duties as assign by supervisor or line manager.  


♦ Extensive experience in enterprise security and network architecture design, implementation and maintenance
♦ Experience in performing risk assessments and in assessing security of an IT environment including but not limited to servers, applications and networks
♦ Experience with Intrusion Detection and Prevention, DLP, Security Event Management, Vulnerability management, End Point Security, Anti-Virus, Firewalls, Password Management, Change Management and Encryption
♦ Experience with cross functional business projects delivering on key company strategic initiatives
♦ Demonstrated experience managing multiple projects and priorities in a rapidly changing technical environment
♦ CISA, CISM, CISSP, GIAC or other similar professional designations
♦ Ability to think analytically;    
♦ Excellent technical communications skill and documentation;
♦ Strong oral and written communication skills in English and the ability to interact effectively and collaboratively both internally and externally;
♦ Demonstrates the ability to take the initiative and pay close attention to detail;
♦ Honesty, reliability, and a commitment to strict confidentiality; and
♦ Is self-motivated and committed to self-improvement.