Responsibilities
- Review and development of security framework, information security policies, processes /procedures and guidelines on an ongoing basis.
- Work with vendor to conduct security assessments and penetration tests.
- Identify security gaps, perform threat risk assessments in current setup and propose mitigating measures.
- Standardize and refine security incident response and escalation processes.
- Mitigate and contain threats when detected.
- Escalate security incidents and non-compliances on a timely basis.
- Work with IT infrastructure team to evaluate, implement and enhance the network perimeter security, endpoint security, SIEM, secured remote access, MFA, Identity Access Management and Privileged Access Management.
- Monitor information security alerts triage, mitigate, and escalate issues as needed.
- Provide security advisory to end users on regular basis.
- IT Security Management of various aspect, e.g. network security, server security, application security, end point security, email security, physical access security, logical access security, etc.
- Keep abreast of industrial IT security advancements and introduce appropriate security enhancements to IT infrastructure and systems.
- Attend to any other reasonable duties as assigned by the Senior Cyber Security & IT Governance Manager and IT Director.
Requirements
- Degree in engineering, science or information technology, or equivalent education.
- At least 3-5 years of related work experience in cybersecurity management and security governance.
- Candidates with additional experience will be considered for the Senior Cyber Security Analyst position
- Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), technical vulnerability management (vulnerability assessment, penetration testing), application security, security technologies (system hardening, IDS/IPD, firewall), security incident response and security assessment.
- Strong understanding of ISO27001 standard.