Responsibilities

  • Establish scope of risk analysis for new technology initiatives.
  • Perform cyber risk assessment activities based on risk assessment plan.
  • Conduct compliance audits like operation security compliance status review and security log review.
  • Able to perform VA scan like Nessus and able understand and analyze the various types of vulnerabilities reported.
  • Track remediation efforts for security and audit deficiencies. Able to understand web and system vulnerabilities is expected.
  • Escalate any compliance issues to higher management.
  • Provide guidance to personnel on compliance and best practices, including briefings.
  • Develop documentation on methodologies, security frameworks to mitigate risk.
  • Prepare security reports for operation (ITSO) and management (ITSM).
  • Review security procedures, standards and exceptions.
  • Support implementation of information systems and cyber security policies.
  • Support the development of security policies for cyber security risk assessments and compliance audits.
  • Implement IT security incident management and handle IT security incidents.
  • Need to response together with IT operation for malware, intrusion alerts and IOC,IOA from CERT in a timely manner.
  • Perform security risk assessment and recommend appropriate controls with technical stakeholder.
  • Support implementation of preventive measures against intrusion, frauds, attacks or leaks.
  • Liaison with auditors to conduct external security audits.
  • Will require to explain security matters to stakeholders like reports, incidents, audits, improvements.
  • May require to perform some research emerging security and risk management trends, issues, and alerts.
  • Will be expected to be contactable 24x7 when critical cyber security issue arises.
  • Will be expected to be seconded to government owned IT operation.

Requirements

(a) IT Security Manager: - Minimally five (5) years of experience in IT security governance and operations; and - Possess Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH) or equivalent certification(s).

(b) ITSO: - Minimally three (3) years of experience in IT security governance and operations; and - Possess Systems Security Certified Practitioner (SSCP), GIAC Certified Incident Handler (GCIH) or equivalent certification(s).