- Job ID: 10343BR
- Location: Singapore, Singapore
- Job Family: Business teams
- Practice Area: Information technology
- Job Type: Permanent
- Working Arrangement: Hybrid
Job description
We have an exciting opportunity for a Business Information Security Officer to join our growing Information Security team at the A&O Shearman Singapore Office.
Department purpose
The firm’s ability to keep our clients’ data secure is a bedrock for our reputation as a trustworthy professional services partner to many of the world’s large and prestigious organisations. Information security is not an afterthought; it is core to all that we do, to protect not only our data but that of our clients, and has the unwavering support of the Board.
The in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearman’s strategy to lead where global complexity creates opportunity.
In addition, you will have the opportunity to share and gain intel from the firm’s cybersecurity lawyers. The global team have experience advising clients on hundreds of incidents. Leveraging this experience, they feed back practical lessons learned into clients’ cyber risk management and incident response programmes.
Role purpose
The APAC Business Information Security Officer (BISO) is responsible for aligning and implementing the firm’s global information security strategy across the Asia-Pacific region. Acting as a trusted liaison between the global information security leadership and regional stakeholders, the BISO ensures that global directives are effectively executed while addressing region-specific challenges. The role supports both global and regional teams by identifying solutions that balance local constraints with global security objectives.
What you will do
APAC Regional Advocacy and Strategic Alignment:
- Act as the primary liaison between the Global CISO and regional leadership, IT, and information security teams, ensuring that directives and initiatives are implemented at the regional level across all business units in the APAC region.
- Build deep relationships with key business leaders in the region, understanding their strategic objectives and how information security may help or hinder those objectives.
- Build and maintain a strategic roadmap for the region which aligns with both business and client priorities, making use of an intimate understanding of the regional business.
- Ensure regional understanding and alignment with the firm’s global information security strategies, goals, and objectives.
- Advocate for global security initiatives and secure buy-in from regional business and IT stakeholders.
- Maintain a contemporary view of geopolitical dynamics and threat landscape, recommending appropriate management plans.
- Serve as a trusted advisor to APAC Partners and business units on:
  - Global security strategy
  - Emerging threats in the legal sector
  - Security initiatives in other regions
  - Other relevant developments
- Assist in developing and maintaining global information security policies, incorporating region-specific requirements where necessary.
- Ensure compliance with local regulations (e.g., CSL) and industry standards (e.g., ISO 27001, NIST CSF).
- Monitor and enforce compliance with information security policies across regional business units.
- Provide compliance guidance to regional stakeholders.
- Develop and maintain regional security performance metrics and dashboards for leadership reporting.
- Support global and regional teams in overcoming region-specific barriers to initiative delivery.
- Communicate regional concerns to global leadership and facilitate mutually acceptable solutions.
- Lead the implementation of region-specific security initiatives aligned with global strategy.
- Advise stakeholders on regional and global security threats and risk levels.
- Maintain a regional risk register and report key risks to the Global CISO and regional leadership.
- Enhance security awareness across APAC business units.
- Collaborate with HR and Learning & Development to deliver targeted training and capability-building programs.
- As part of the Office of the CISO, act as an escalation point for security incidents, including fulfilling the role of incident commander on a follow-the-sun basis. This may involve, for example, providing oversight during APAC office hours for an incident affecting Europe.
- Act as the regional escalation point for local or global security incidents and coordinate with global incident response teams.
- Oversee third-party vendor assessments to ensure compliance with security standards.
- Contribute to regional security budgeting and resource planning to ensure adequate support for regional strategic initiatives and operational resilience, without undermining the plans and objectives of the global firm.
Essential:
- Minimum 8 years of experience in information security, with a strong focus on risk management and compliance.
- Proven experience in a global organisation.
- In-depth knowledge of data protection regulations (e.g., GDPR) and industry standards (e.g., ISO 27001, NIST CSF, SOC 2).
- Strong leadership, communication, and interpersonal skills with the ability to influence stakeholders at all levels.
- Outstanding written and verbal presentation skills.
- High levels of integrity and sound judgment.
- Ability to manage multiple priorities in a fast-paced, dynamic environment.
- Industry-recognised certifications such as CISSP, CISM, CRISC, or CISA.
- Bachelor’s degree in Computer Science, Information Security, or a related field.
- At least 2 years of leadership experience in the legal or professional services sector.
- Proficiency in one or more APAC regional languages in addition to English.
- Ability to communicate complex cybersecurity concepts to non-technical audiences.
- Experience leading cyber risk transformation initiatives in matrixed organisations.
- Broad cyber security knowledge across people, processes, technology, and incident management.
A&O Shearman is a new global industry-leading law firm, with nearly 50 offices in 29 countries worldwide. Our fluency in English law, US law, and the laws of the world’s most dynamic markets, enables us to provide unmatched insight and seamless delivery to clients. We work on challenging and important deals and disputes that have the potential to shape the future.
We offer exceptional opportunities for our people; opportunities to work for the world’s leading businesses; to transform the status quo, and to deliver your best work, helping you and your career to thrive, while delivering unparalleled outcomes for our clients.
Whether you're helping clients solve complex challenges, transforming the ways we manage our business, or ensuring the smooth-running of our operations, this is an environment where you can belong and excel. We provide first-rate training and development, we are committed to diversity, equity and inclusion and we provide support and ways of working that help you optimise your wellbeing.
What truly defines a career with us? We recruit the best and ask for the best of you. And together, we will redefine success.