i) Manage department - Oversee department management including budgets, forecasting, work allocations and staffing - Develop staff through ongoing coaching, mentoring and career discussions - Define common goals, direction and accountability among staff - Drive effective performance management practices within department in accordance with company policies and procedures
ii) Security Consultancy and Design - Provide, advise and review security requirements, measures and standards required for systems acquisition, design, changes and upgrades, development, implementation as well as operations.
iii) Security Management - Set up and manage security systems such as firewalls, IPS, network ATP, VPN, WAF, end-point protection, certificate management system, log management system, database access monitoring, vulnerability and compliance scanners. This includes carrying out maintenance, upgrades and patching.
iv) Security Incident Management - Respond to security incidents. - Evaluate the type and severity of security events. - Set clear expectations on issue resolution. - Update stakeholders on changes in status during issue resolution. - Provide status updates during the life cycle of an incident. - Create final incident report detailing the events of the incident. - Support the maintenance and update of business recovery/contingency plans and/or procedures. - Assist with establishing procedures for handling detected security events.
v) Audit and Compliance - Single Point of Contact (SPOC) for internal/external auditors and consultants in audit/review projects. - Review audit artifacts with domain experts. - Tracking the status of audit issues till closure. - Perform internal security compliance checks on IT systems.
- At least 8 - 10 years’ experience in developing, implementing and maintaining IT systems.
- Experience in leading a team.
- Broad security knowledge of a wide spectrum of Infra systems including servers, network, workstations and security management tools.
- Experience in operating system security, database security, network security, firewalls, SIEM, computer security Incident response, vulnerability scanning, SAP, LDAP and PKI.
- Strong vendor, service level and project management skills.
- Strong communications skills with stakeholders at all levels.
- Certification in CISSP and/or CISA/CISM will be preferred.
- Degree in IT, Computer Science, Computer Engineering or equivalent.