- Provide guidance to Business Services Group in ensuring that projects/systems comply with security policies and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the product lifecycle
- Perform adequate risk management, including identification, assessment and provide treatment of security risks associated with systems handled by Business Services Group. Risk assessment has to be performed in accordance with the organisation’s cybersecurity risk management framework
- Provide guidance to Business Services Group related to vulnerability assessments, source code review and penetration tests so that remediation actions can be undertaken by Business Services Group within the agreed timelines
- Provide security consulting and advisory to Business Services Group
- Review RFP proposal compliance with security requirements
- Review architecture design developed by Enterprise/Solution/Security Architect
- Perform cybersecurity assurance activities across the different stages of SDLC
- Evaluate risks related to third-party vendor and products and identify mitigating measures
- Perform independent assessments of the technical security controls implemented within the projects/systems to determine the overall effectiveness of the security controls
- Review and propose improvements to IT security policies, framework, standards, procedures and best practices
- Degree in Computer Science, Information Systems, Engineering or equivalent
- At least 6 years of IT security experience in areas of security governance, risk management, application security design, security project management, security operation, cloud security technologies
- Strong risk management principles, risk articulation skills, cloud technologies, network security, data protection
- Knowledge of cloud platforms such as AWS, Azure or Google cloud is desirable
- Professional security certification is preferable, such as CISSP, CISM, CISA, CCSP or other similar security certifications
- Self-motivated with the ability to work independently and as a team member with minimal direction
- Strong interpersonal and stakeholder management skills
- Good written and communication skills