Flight Centre Travel Group (ASX:FLT) has grown to be the world’s largest travel agency since its founding in 1982. Headquartered in Brisbane, Australia, the company has more than 30 brands in its portfolio, 3000 retail shops worldwide and employs around 20,000 people. After starting as a leisure travel agency, the company is now also one of the world’s largest corporate travel managers through a network of specialist brands that includes FCM Travel Solutions, Corporate Traveller, cievents, Campus Travel and Stage and Screen.
Operating in more than 90 countries and employing over 6000 people, FCM is transforming the business of travel through our empowered and accountable people who deliver a high level of service and a comprehensive technology suite bringing a wide range of solutions for Duty of Care, Reporting and Traveller’s peace of mind. Leveraging FCM’s negotiating strength and supplier relationships in conjunction with our tailored business travel programs, our expertise and our innovative technology, we logically become the partner of choice of our customers.
About the Opportunity
FCM Asia, the flagship business travel arm of Flight Centre Travel Group, is looking for a forward looking and dynamic leader to provide direction for the security technologies and capabilities within the Asia businesses within the organisation and drive the regional security practice. The IT Security Leader, Asia, will have a strong understanding of security and privacy principles, and a sound understanding of the regulatory environment affecting the business.
The IT Security Leader, Asia will need to have a solid understanding of the business drivers affecting security within the company as well as providing up to date security expertise across the region. The IT Security Leader will lead the design, implementation, operation, and maintenance of the information security management system within the company.
Key Objectives
Maintain security posture for FCM businesses in line with FCTG’s policies.
Apply security controls, using operational processes and procedures
Align businesses with PCI-DSS, Data Privacy, NZISM and ISO27001
Incident response actions across multiple environments and technologies, including working with partners and vendors.
Work alongside and support leaders on Projects, Privacy, Policies and other security matters as part of a high performing team
Key Responsibilities
Security Risk Management
Work with IT Director, CISO and Risk to identify risk exposure and manage the security risk to the organisation within the risk appetite
Review and evaluate new security technologies and practices for introduction into the organisation to reduce risk
Implement a systematic and structured process for the identification and management of security risks
Security Governance
Review, maintain, and disseminate security policies in line with FCTG’s risk appetite, security strategy, relevant laws and security standards, and best practice
Implement, monitor and review security controls in accordance with the organisation’s security policy and business drivers
Lead the implementation and management of an internal and external audit and security testing program to validate compliance with security policy
Monitor new threats as they evolve and adjust risk management plans and security controls as necessary
Assess the security of 3rd parties with whom FCTG has a requirement to share information or business processes
Assess and communicate information security risks and issues to stakeholders
Identify opportunities for continuous improvement.
Security Management
Lead the design, implementation, operation, and maintenance of the information security management system for the businesses
Work with architecture and delivery teams to ensure projects and applications are designed and implemented in line with security policy and best practice
Custodian of the Information security awareness initiative and provision of training (policies, procedures, communication) to all staffs on a periodic basis
Liaise with business and project stakeholders as required to provide security guidance and input
Incident Response
Lead, manage and resolve IT security incidents and escalations in a timely manner
Ensure security learnings are recorded, and improvement strategies are tracked and delivered
Assist in the Technical Asia Security Operations requirements
Requirements
4+ years of experience in information security or technical operations role
Background in Digital systems or IT desirable.
2+ years in an information security leadership role
Self-awareness and exceptional ‘EQ’ and soft skills
Demonstrated highly developed oral and written English communication skills, with the ability to communicate comfortably with large groups and executives, and to articulate technology visions and solutions to non-technical stakeholders
Ability to take the initiative, make informed and measured decisions and deliver outcomes from those decisions
Ability to analyse and simplify complex problems, evaluate them systematically, identify causal relationships and construct frameworks for problem solving
Ability to think ahead and establish an appropriate course of action considering the constraints imposed
In-depth experience in incident investigation and forensics
Experience with solutioning and implementation of security tools such as Log management, IPS/IDS, Anti-DDoS, SIEM, Data Leakage Prevention, Proxy, Automation & Orchestration, AV, CASB and FW.
Ethical Hacking (Pentesting), Intrusion Prevention, Incident Response, Forensics, MITRE Framework and Vulnerability
Experience in design and implementation of a secure infrastructure on major Cloud platform providers and have knowledge of cloud security best practices and industry security requirements
In-depth knowledge of Security frameworks such as ISO27002, PCI DSS
Relevant security certifications such as CISSP/CISM, CEH
Mandarin language proficiency is an advantage as you will need to handle the China market
Apply NOW if you want to be part of an amazing and vibrant culture that is the perfect fit for what you are looking for.You will have: