Job details
Job Type: Permanent
Reference: IT/YT/TRMRSM/160618C
Posted: almost 6 years ago
Consultant: Yvonne Tang
Job description
Responsibilities:
This candidate will be a member of the Technology & Cyber Risk team that provides the Cyber risk and security advisory functions to the organization:
- Provide consultative information security governance, risk, and compliance advisory services for IT/OT systems and services, balancing appropriate security, business goals, and enterprise priorities to achieve collaborative outcomes to challenging business problems/objectives in a secure way
- Work with IT/OT and business partners to ensure collaborative security control design and implementation in accordance with the security framework
- Investigate complex, and sometimes historic, practices/solutions to determine gaps, identify improvements and facilitate migration to a preferred state with a high degree of independence
- Assess risk of issues/findings, assign ownership and obtain agreement from the finding owner on a remediation plan
- Develop and maintain comprehensive documentation of engagements performed and risks identified
- Drive documentation and management of IT/information security issues and exceptions
- Develop and deliver presentations tailored to different audiences to communicate the need for good information security practices embedded within IT/OT and business functions
- Maintain and present executive-level dashboards for management reporting
- Review and keep up-to-date IT Policies and Standards, including introduction of new policies as required.
Pre-requisites:
- Degree or Diploma in Computer-related disciplines
- Information Security or IT Controls Certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) would be an added advantage
- At least 3 years’ experience that covers the below functions:
  - Experience in Technology Risk assessment and/or security advisory with thorough understanding of IT security best practices and the ability to effectively apply those practices
  - Experience with applying various governance frameworks and standards including ISO 27001/2, PDPA, PCI-DSS, NIST, etc.
  - Possess knowledge across various information security technologies/areas in a large enterprise including firewalls, intrusion detection, encryption, Linux O/S, Windows O/S, databases, antivirus, patch management, vulnerability scanning, backup, logging and monitoring, remote access, application development, network security, application security, and change management
  - Conversant and well-versed in recommending efficient IT security controls throughout the SDLC. Understanding of security controls within an Agile development framework would be an added advantage
  - Proven record of balancing business need/benefit versus security risk. Direct experience owning a customer or business relationship on behalf of an organization is a major plus
EA License no: 16S8066 | Registration no: R1110355
Only successful candidates will be notified.