Defining and maintaining corporate-wide information security governance and controls to ensure that information assets are adequately protected
Identifying, evaluating and reporting information security risks in a manner that meets compliance and regulatory requirements
Working closely with various cross-functional teams to formulate, institute and monitor security policies, standards, procedures and guidelines so that they are kept relevant to evolving security risks, and governing compliance with regulatory requirements
Structuring and enhancing security artefacts such as high-level information security requirements, security hardening guides and security patching baselines
Analysing business and operations initiatives to identify business and application security risks, reviewing the specified requirements and assessing the control implementations to ensure information security risks are managed
Creating and managing the relevant dashboards and tools to support management reporting on security metrics relating to the operating environment, inclusive of OS and DB hardening, user awareness training, phishing exercises, DLP and vulnerability assessments
Strong end-to-end knowledge of cyber, security, governance, risk and policies
Requirements
8 - 10 years of technology work experience with a minimum of five years in information security
Knowledge and experience in information security risk assessment and management
Security certification in CISSP, CISM, CISA or other information security credentials is essential
Strong change champion with the ability to master key concepts on cybersecurity-related use cases and articulate security objectives to stakeholders across all levels
Knowledge of security and control frameworks, such as ISO 27001/2, COBIT, COSO and ITIL
Results-oriented, decisive and able to manage conflicts
Adaptable and able to deal with constant change