Kindly note that Jobline will be offline for maintenance on this Friday (May 14, 2021) from 5:00 PM to 9:00 PM.
- Provide guidance to Business Services Group in ensuring that projects/systems comply with security policies and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the product lifecycle.
- Perform adequate risk management, including identification, assessment and provide treatment of security risks associated with systems handled by Business Services Group. Risk assessment has to be performed in accordance with the organisation’s cybersecurity risk management framework.
- Provide guidance to Business Services Group related to vulnerability assessments, source code review and penetration tests so that remediation actions can be undertaken by Business Services Group within the agreed timelines.
- Provide security consulting and advisory to Business Services Group:
- Review RFP proposal compliance with security requirements
- Review architecture design developed by Enterprise/Solution/Security Architect
- Perform cybersecurity assurance activities across the different stages of SDLC.
- Evaluate risks related to third-party vendor and products; and identify mitigating measures
- Perform independent assessments of the technical security controls implemented within the projects/systems to determine the overall effectiveness of the controls
- Degree in Computer Science, Information Systems, Engineering or equivalent.
- At least 10 years of IT security experience in areas of security governance, risk management, application security design, security project management or security operation.
- Strong risk management and risk articulation skills.
- Professional security certification is preferable, such as CISSP, CISM, CISA or other similar security certifications.
- Self-motivated with the ability to work independently and as a team member with minimal direction.
- Strong interpersonal and stakeholder management skills.
- Good written and communication skills.