  • Develop and maintain the client’s IT Security Management Plan, with a focus on Applications Systems
  • Harmonise obsolescence management efforts across Applications Systems
  • Perform risk assessment for potential security vulnerabilities from identified activity and obsolete systems for Applications Systems.
  • Conduct regular penetration testing and Static Application Security Tests
  • Assess and recommend mitigating measures to address potential security vulnerabilities
  • Schedule security scans for identified systems according to policies, and verify that all vulnerability rectifications are satisfactorily performed
  • Conduct Security Review on System Access and administration patterns weekly, and report unusual or suspicious activities, if any, to Governance Management (SMO)
  • Track and mitigate security vulnerabilities, and deploy patches according to the stipulated timeline
  • Maintain oversight and submit reports on a monthly basis
  • Escalate and/or seek Authority’s acceptance and approval of assessed risks
  • Conduct IT Security Management briefings and workshops


  • Diploma / Degree in Computer Science, Engineering or any Science discipline
  • Certified Ethical Hacker (CEH) Certification
  • Certified Information Systems Security Professional (CISSP)
  • Hands-on experience with Splunk, Tenable, BeyondTrust, HP Fortify Static Code Analyzer and FireEye, and with OWASP tools projects, is highly preferred