Title: Information Security Assurance Lead (Web and Application Security)
Job Description:
We are seeking a highly skilled and experienced Information Security Assurance Specialist to join our dynamic team. In this role, you will be responsible for ensuring the security of our web and application systems by identifying vulnerabilities, implementing security measures, and ensuring compliance with industry standards and regulations.
Key Responsibilities:
Security Assessment and Auditing:
· Conduct regular security assessments and audits of web and application systems.
· Identify potential vulnerabilities and recommend appropriate mitigation strategies.
· Perform penetration testing and vulnerability scanning to assess security posture.
Security Implementation:
· Implement and maintain security controls to protect web and application systems.
· Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC).
· Develop and enforce security policies, procedures, and guidelines.
Incident Response:
· Monitor security events and respond to security incidents related to web and application systems.
· Perform root cause analysis and implement corrective actions to prevent future incidents.
· Maintain an incident response plan and conduct regular drills to ensure readiness.
Compliance and Risk Management:
· Ensure compliance with relevant security standards and regulations (e.g., ISO 27001, GDPR, PCI-DSS).
· Conduct risk assessments and develop risk management plans.
· Maintain up-to-date knowledge of emerging threats and vulnerabilities in web and application security.
Training and Awareness:
· Provide security training and awareness programs for employees and stakeholders.
· Stay current with the latest security trends, tools, and technologies.
· Promote a culture of security awareness throughout the organization.
Requirements:
· Bachelor’s degree in Information Security, Computer Science, or a related field.
· At least 3-5 years of experience in information security, with a focus on web and application security.
· Strong knowledge of web security technologies and protocols (e.g., HTTPS, TLS, SSL).
· Proficiency in web and application vulnerability assessment tools (e.g., OWASP ZAP, Burp Suite).
· Experience with security frameworks and standards (e.g., OWASP, NIST, ISO 27001, MAS TRM).
· Familiarity with secure coding practices and code review processes.
· Knowledge of network security principles and practices.
· Relevant certifications such as CISSP, CEH, OSCP, or GIAC are highly desirable.
To apply, please submit your updated resume detailing your relevant experience and qualifications.
We regret to inform you that only shortlisted candidates will be notified. Thank you for your understanding.
Eames Consulting Group (Singapore) Pte Ltd
EA Licence: 16S8091 | EA Registration Number: R1442954