Responsibilities
- Responsible for the formulation of IT Security Strategy by assessing the evolving threat landscape together with the organizational strategic objective.
- Responsible for analyzing IT security architecture trends and developing recommendations for changes to the global security infrastructure.
- Responsible for implementing and continuously improving organization-wide monitoring mechanisms for IT Security related events.
- Responsible for developing and continuously improving an organization-wide IT Security Incident/Alert Management Framework, covering different geographies.
- Responsible for driving high degrees of security automation within the operational framework.
- Responsible for driving and maintaining oversight of all IT Security related events, incidents and/or investigations.
- Responsible for creating a framework to monitor IT Security Intelligence relevant to the organization.
- Responsible for establishing links with relevant IT Security incident authorities (e.g. SINGCERT) and supporting bodies (e.g. Forensic vendor).
- Responsible for building an IT Awareness Program with both learning and phishing simulation to enhance the security readiness of staff across countries with different cultural experiences.
- Support in validating the effectiveness of the framework through simulation exercises.
- Support in managing a Security Vulnerability and Penetration Testing Program. Collaborate with cross functional teams to build and mature the DevSecOps program with implementation of “shift left” initiatives.
- Assist in operating an effective Data Leakage Protection Program that provides the maximum protection to critical data with minimum false alert overhead.
- Assist in ensuring the ongoing compliance against relevant IT legislative/regulatory requirements (e.g. PDPA, MAS TRM & PCI).
- Assist in ensuring the ongoing compliance against the organizational IT Security policies, standards and procedures.
Requirements
- 8 to 12 years of relevant IT Security work experience.
- Possesses security related certifications such as CISSP, CISM or CISA, with strong knowledge of IT legislation such as PDPA, MAS TRM, PCI, SGX and ISO 27001.
- Knowledge of common information security management concepts, including but not limited to ATT&CK, kill chains, etc.
- Exercise high diligence in ensuring the root causes of all IT Security events are identified and remediated in a timely manner.
- Highly disciplined and diligent in driving deliverables strictly within defined timelines.
- Strong communication/presentation/writing skills with proficiency in writing & speaking English and Chinese (to liaise with China counterparts).
- Disciplined in being guided by a set of formalized security policies, standards, procedures and frameworks.
- Logical and methodological, with good planning & organizational skills.
- Able to work independently and as a strong team player.
*Interested candidates, please send your CV to savitha.mohan@iotalents.com*