Summary of Job Role
To secure the enterprise through the use of information security strategy, policy, standards, risk assessments, management processes and technologies to ensure that information assets are adequately protected with acceptable levels of controls and data privacy preserved in accordance to best practice.
Deploy and run the operation of information security technology solutions that are aligned with the strategic objectives and priorities of the enterprise.
Develop pragmatic security guidelines, review and suggest new security technologies to strengthen the overall systems and network security by identifying existing and potential security vulnerabilities and risk areas.
Design, implement, operate and maintain infrastructure security projects, security components and processes necessary for the enterprise, such as firewall, SIEM, IPS, SSL VPS, DLP, End point Security, Content Security, Identity and Access Management, security / information assurance program, architecture, certification and accreditation, operational security and incident management.
Handle daily security events, alerts, incidents and participate in threat hunting activities.
Review and ensure that the technology solution proposed is compliant with approved / agreed security policies and requirements as well as relevant regulations.
Where necessary, perform and document gap analysis against stated requirements.
Assess critical IT infrastructure and applications to ensure they are protected from security exposures and they are monitored end-to-end.
Provide mitigating recommendations for gaps identified.
Coordinate the resolution of outstanding security and IT audit issues related to security technology and operations.
Participate and contribute to the development of technical Info Security strategies.
Maintain a strong understanding of relevant security standards and security technology. Where necessary, communicate with the relevant IT team leaders.
University Degree in the field of Computer Science, Information Systems or Software Engineering and / or 3-5 years of equivalent work experience.
Professional security certification such as CISSP, CISM or GIAC would be an advantage.
Minimum 5 years of working with and / or administration of various security technology such as firewall, SIEM, IPS, SSL VPN, DLP, End point security, Content Security, Identity and Access Management.
Minimum 2 years of experience in managing operational information security.
Experience in consulting or vendor environment would be an advantage.
Special Skills Requirement :
Excellent understanding of security strategies and technologies including secure network design, remote computing, systems and hosts security, secure web services, secure Software Development Lifecycles, technical security audit, vulnerability and risk management, security monitoring, access controls (identification, authentication and authorization) and encryption.
Strong knowledge of information security frameworks, standards, and compliance requirements such as ISO27001, ISO27002, PCI-DSS, PDPA & Cloud Security, and their application into diverse environment.
Able to explain security technology and their functionalities and clearly articulate the needs and benefits in technical and business context to different levels of management.
Strong written, oral, interpersonal communication and presentation skills.
Excellent analytical skills, ability to make sound and logical judgements.
Demonstrate leadership and personnel / project management skills.