Job Description

The Regional CISO - APAC serves as the primary security leader for the APAC region, reporting to the Group CISO and with a cross-functional reporting line to the APAC CIO This role is responsible for governing and overseeing the implementation of Group security policies and programs across APAC, ensuring adherence to global standards while meeting local regulatory obligations. The Regional CISO will govern the five security domains at the regional level, facilitate regulatory compliance, streamline reporting into the Group CISO governance framework, and coordinate with local security leaders, including the Local CISO in India. Additionally, the role ensures readiness for audits, regulatory reviews, and incident response, acting as a trusted advisor to regional leadership on cybersecurity risk and resilience.

Context

The Group Information Security function is dedicated to protecting the organization’s information assets through a unified, risk-based approach to cybersecurity. The function operates across five core domains: Security Governance, Security Architecture, Operations Security, Identity & Access Management (IAM), and Data Protection & Privacy Each domain is managed centrally by specialized teams under the Group CISO, ensuring global consistency and compliance. Regional CISOs play a critical role in extending this governance model to their respective geographies, ensuring alignment with Group standards while addressing local regulatory and business requirements. They act as the bridge between global strategy and regional execution, enabling effective risk management and regulatory compliance.

Key duties and responsibilities

1. Security Governance & Strategic Alignment

• Act as the regional ambassador for Group Information Security policies, standards, and frameworks.
• Govern locally the core security domains managed centrally by the Group CISO teams.
• Ensure consistent implementation of security programs across APAC entities and sites.
• Facilitate the adoption of Group and regulatory requirements, policies, and controls.
• Streamline reporting into the Group CISO centralized governance and reporting framework.

2. Regional Oversight & Coordination

• Oversee and coordinate with the Local CISO in India, ensuring alignment with Group standards and collecting consolidated reporting.
• Facilitate the rollout of global security initiatives and projects within the region.
• Support regional business units in security-related decision-making and risk management.

3. Operational Security Governance

• Oversee governance of security operations in APAC, including:
  • Incident response facilitation and escalation.
  • Vulnerability management follow-up.
  • SOC response coordination for regional incidents.
• Ensure BCP/DR plans coverage and alignment with Group.
• Track implementation of security awareness programs adapted to APAC cultural and regulatory contexts.

4. Compliance & Regulatory Engagement

• Maintain a regulatory watch for APAC jurisdictions (e.g., MAS, IRDAI, CBIRC, APRA).
• Facilitate internal and external audits, regulatory questionnaires, and ensure timely remediation of findings.
• Prepare and coordinate responses for local and regional regulatory inquiries and inspections.
• Ensure timely coordination with the group incident manager and CISO for reporting of critical incidents to regulators as required by local laws.

5. Risk Management & Third-Party Security

• Facilitate regional risk assessments and integrate results into the Group risk framework.
• Oversee the integration of third-party security risk management for vendors operating in APAC.
• Support secure architecture reviews for regional projects.

6. Reporting & Communication

• Support the security team in the implementation of regional security KPIs, risk dashboards, and compliance status and reporting to the Group CISO.
• Provide regular updates to APAC leadership on security posture and risk exposure.

Represent APAC in global security working groups and forums

Required experience & competencies

• 10+ years in cybersecurity, with at least 5 years in a leadership role covering multiple geographies.

• Strong understanding of APAC regulatory frameworks (e.g., MAS TRM, IRDAI, CBIRC, APRA CPS 234).

• CISSP, CISM, or equivalent; knowledge of ISO 27001, NIST CSF.

• Ability to influence stakeholders and manage cross-functional teams in a matrix organization.

Required Education

• Bachelor's degree in Information Security, Computer Science, or a related field.

• Professional certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor are highly desirable.

As a leading global reinsurer, SCOR offers its clients a diversified and innovative range of reinsurance and insurance solutions and services to control and manage risk. Applying “The Art & Science of Risk,” SCOR uses its industry-recognized expertise and cutting-edge financial solutions to serve its clients and contribute to the welfare and resilience of society in around 160 countries worldwide.

Working at SCOR means engaging with some of the best minds in the industry – actuaries, data scientists, underwriters, risk modelers, engineers, and many others – as we work together to find solutions to pressing challenges facing societies.

As an international company, our common culture is defined by “The SCOR Way.” Serving both to build momentum that drives the Group forward and as a compass to guide our actions and choices, The SCOR Way is anchored by five core values, reflecting the input of employees at all levels of the Group. We care about clients, people, and societies. We perform with integrity. We act with courage. We encourage open minds. And we thrive through collaboration.

SCOR supports inclusion and the diversity of talents, and all positions are open to people with disabilities.