Salary Range : RM7,000 – RM9,500
- Lead the IT Security team in IT System/Infrastructure Security; implement and monitor security measures for the protection of business application systems, networks and information to ensure that all IT related security components are implemented in accordance with the compliance against Global Information Security Group Guideline/Standards, Statutory Legal and Regulatory requirements.
- Lead & participate together with the team responsible on patch & vulnerability management.
- To monitor, analyse and response to daily system alerts/logs from various internal/external source/soc; conduct correlation/forensic analysis, determine possible causes of such alerts, flag suspicious events, identify abnormalities and report violations; resolve internal/external escalation within agreed SLA, provide technical supports, lead the Security Incident Response Team, develop counter measure/strategies to respond to and recover from security breach, document the incident & take appropriate action accordingly.
- Lead & conduct regular self-assessment to assess company’s IT security maturity levels, analyze security threat landscape & future requirement by working with relevant party to establish short/long term IT Security Strategy that is aligned with company, IT and/or Global Information Security Group strategic, goals, direction and budgetary considerations. Accountable to lead, evaluate, implement, maintain and support IT Security related systems/devices/projects, minimize IT security risks exposure and enforce IT Security related control, compliance & governance across the company.
- Serve & being the in-house technical/security subject matter expert to assess, advice and discuss with relevant business system owners/users, IT team, vendor and/or regional team to ensure IT Security related control requirements on the new/enhance system are well-designed and implement according to Global
- Information Security Group Standards/baseline, local regulatory and best practices. Manage exceptional request. Coordinate with vendor on 3rd part Penetration Testing, Source Code Scanning for new and/or major enhanced system/projects and ensure highlighted issues/gaps are closed prior to system/project go-live.
- Oversee, facilitate and interacts with internal and external audit engagement, facilitate remediation based on agreed recommendation and associated risks pertaining to Global Information Security Group and/or any others local regulatory requirement. Periodical tracking and follow-up with relevant party to ensure Audit and compliance gaps are address and rectify according to committed timeline.
- Establish, maintains IT Security Awareness &Training. Review and ensure IT security related policies, procedures and guidelines are up to date. Keep abreast of industry standards, frameworks, technologies & recommend improvements wherever is necessary. Take the lead to plan and conduct monthly, quarterly IT Security related reporting & meeting with management and/or Regional CISO.
- Degree in Computer Science, Information Security or equivalent degree • CISSP, CISA, CISM in Information Security will be an added advantage
- Min. 2 years of leadership/management experience.
- Min. 10 years of related work experience with a proven track record specialize in IT related Security Technologies, IT General Control and IT Processes.
- Min. 10 years hands on technical experience/knowledge in implementing or architecting information security related solution, setup/implement/maintain IT security related solution/system - including End-Point Protection Software, Network Security Monitoring, Network Access Control, L2/L3 Firewalls, Routing, Switching, IDS/IPS, Proxy, WAF, VLAN, VPN Technology, Endpoint Detection & Response Solution, Threat Protection, PAM, IAM, SIEM, APT, Forensic Techniques, Content Filtering, Patch & Vulnerability Management, Encryption Technology, DLP, MDM, DHCP, DNS, HTTP, SSL, SSH, LDAP, IPSEC, etc.
- Min.10 years of related work experience/knowledge in security threat analysis, IT security risk assessment, vulnerability assessment, security formulation, Incident Management, Secure Software Development Lifecycle, Penetration Testing and Source Code review, BCP knowledge, establish IT Security related policy/procedure and lead the response to audit & compliance assessment.
- Excellent analytical & problem-solving skills, results oriented, self-motivated, good interpersonal skill, flexible & independent.
- Excellent Leadership, Management, Presentation, Written and Communications skill.
- Ability to work on own initiative with minimal supervision, excellent time management, priorities and organizational skills to work on multi-tasks with high sense of urgency and tight deadlines in fast paced environment.
- Must be able to handle & provide after-office hours on urgent incident escalation/support request.