Job Scope

An senior professional within InfoSec Management who responsible for managing technical domain of the company-wide information security. Developing and maintaining best practice security measures ensuring robust security compliance throughout the whole company. This role requires a proactive individual with a strong technical security background and a passion for continuous improvement.

Job Responsibilities

- Review the company-wide information security policies, procedures and standards to ensure the alignment with market standards and Group policies
- Provide leadership and consulting to multiple interdepartmental security stakeholders including guidance and instruction to ensure all IT and OT critical systems/applications compliance with information protection from government ordinance and industry regulations 
- Oversee continuous monitoring of IT and OT systems/applications for security breaches, unauthorized access, malicious activities, vulnerability patching, etc.
- Identify potential security vulnerabilities and assess risks, advise system owners to deploy appropriate mitigation and protection 
- Lead incident owners in responding to security incident or cyber-attacks, analyzing the causes and collaborating with system/application owners to implement remedial action and improvement plan
- Conduct deep-dive checking and audit of daily operation by reviewing system logs, participating implementation, preview & post-check of critical configuration change in view of security

Job Requirements

- Degree in  Computer Science, Informatiion Technology, Computer Engineering or related disciplines

- 5+ years of increasingly responsible experience in information & cybersecurity in enterprise environoment covering application systems and Infrastructure with proven record in information secuirty management role

- Hand on experience of the security tools in Incident Response (SIEM, SOC, Sentinel), vulnerability management (Neessus, Defender, Qualys), Network & Endpoint security (Firewall, Zscaler, EDR), Identity and Access (PAM) and Cloud Secuirty (Azure and AWS)

- Holder of Security certification such as CISSP, CISM is a MUST
- Holder of Certification such as CCNP, MCSE is preferrable 

- With experience in Expert engineer level on security technology solutions for the company across a range of information secuirty areas such as IDS/IPS. SIEM, Firewall, and antivirous
- Capable to perform operating system, network and application vulnerability assessments
- Practical knowledge on intrusion detection methodologies, techniques & tools for detecting host and network-based intrusions
- Good knowledge of ITILv3, ISO27001, cybersecurity technologies and emerging threat vectors
- Able to work under pressure and handle multi-tasks without compromising quality
- Be open mind and willing to take chanllenge from adopting new technologies and re-engineering