- Establish scope of risk analysis for new technology initiatives.
- Perform cyber risk assessment activities based on risk assessment plan.
- Conduct compliance audits like operation security compliance status review and security log review.
- Able to perform VA scan like Nessus and able understand and analyze the various types of vulnerabilities reported.
- Track remediation efforts for security and audit deficiencies. Able to understand web and system vulnerabilities is expected.
- Escalate any compliance issues to higher management.
- Provide guidance to personnel on compliance and best practices, including briefings.
- Develop documentation on methodologies, security frameworks to mitigate risk.
- Prepare security reports for operation (ITSO) and management (ITSM).
- Review security procedures, standards and exceptions.
- Support implementation of information systems and cyber security policies.
- Support the development of security policies for cyber security risk assessments and compliance audits.
- Implement IT security incident management and handle IT security incidents.
- Need to response together with IT operation for malware, intrusion alerts and IOC,IOA from CERT in a timely manner.
- Perform security risk assessment and recommend appropriate controls with technical stakeholder.
- Support implementation of preventive measures against intrusion, frauds, attacks or leaks.
- Liaison with auditors to conduct external security audits.
- Will require to explain security matters to stakeholders like reports, incidents, audits, improvements.
- May require to perform some research emerging security and risk management trends, issues, and alerts.
- Will be expected to be contactable 24x7 when critical cyber security issue arises.
- Will be expected to be seconded to government owned IT operation.
(a) IT Security Manager: - Minimally five (5) years of experience in IT security governance and operations; and - Possess Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), GIAC Certified Incident Handler (GCIH) or equivalent certification(s).
(b) ITSO: - Minimally three (3) years of experience in IT security governance and operations; and - Possess Systems Security Certified Practitioner (SSCP), GIAC Certified Incident Handler (GCIH) or equivalent certification(s).