Job Description :
- Responsible to ensure that projects/systems comply with security policies and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the product lifecycle
- Identification, assessment and provide treatment of security risks associated with systems.
- Perform vulnerability assessments, source code review and penetration tests so that remediation actions can be undertaken by Business Services Group within the agreed timelines
- Review RFP proposal compliance with security requirements
- Perform cybersecurity assurance activities across the different stages of SDLC
- Evaluate risks related to third-party vendor and products and identify mitigating measures
- Perform independent assessments of the technical security controls implemented within the projects/systems to determine the overall effectiveness of the controls
Requirement
- Degree in Computer Science, Information Systems, Engineering or equivalent
- At least 6 years of IT security experience in areas of security governance, risk management, application security design, security project management, security operation, cloud security technologies
- Strong risk management principles, risk articulation skills, cloud technologies, network security, data protection
- Knowledge of cloud platforms such as AWS, Azure or Google cloud is desirable
- Professional security certification is preferable, such as CISSP, CISM, CISA, CCSP or other similar security certifications
- Self-motivated with the ability to work independently and as a team member with minimal direction
- Strong interpersonal and stakeholder management skills
- Good written and communication skills
