Senior Information Security Manager / Assistant Director
||Kuala Lumpur, Malaysia
||Up to MYR 216,000 per annum
||1st June 2018
Client Background & Role Summary:
Our client is one of the Big Four; professional firms in the world, offering audit, assurance services, taxation, management consulting, advisory, actuarial, corporate finance and legal services. They are looking for an Assistant Director, Information Security Specialist to join their Core Business Services (CBS) team and support the important business enablement functions that keep their Company running strong.
- Define and provide pragmatic security guidance that balance business benefit and risks.
- Provide services on InfoSec Architecture, Security solutions and Application Security
- Engage IT project teams throughout the SDLC to identify and prioritize applicable security controls and provide guidance on how to implement these controls
- Perform risk assessments of information systems and infrastructure
- Maintain and enhance the Information Security risk assessment methodology
- Develop appropriate risk treatment and mitigation options to address security risks identified during security review or audit
- Translate technical vulnerabilities into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
- Define security configuration standards for platforms and technologies
- Act as Subject Matter Expert (SME) in responsible technologies and have deep technical understanding of responsible portfolios
- Demonstrate integrity in a professional environment
- Ability to team well with others to facilitate and enhance the understanding & compliance to security policies
- Ability to work effectively with customers, management, staff members, vendors, and consultants and articulate findings and recommendations
- Provide knowledge sharing and technical assistance to other team members
- Flexibility to adjust to multiple demands, shifting priorities, ambiguity, and rapid change
- At least Bachelor’s Degree in Computer Science or related fields.
- Five or more years of experience in an Information Security or Information Technology discipline with demonstrated experience in one or more the following:
- Provide and validate security requirements related to information system design and implementation and broad range of operating systems and databases
- Conduct risk assessments, vulnerability assessments, vendor and third party risk assessments and recommending risk remediation strategies
- Experience in the use of tools and methods to identify security exposures and business risks
- Experience with the design and engineering of web-based multi-tier information systems and architecture design
- Experience with web technologies, programming languages, operating systems, database platforms and mobile enterprise application platforms
- Experience with Cloud solutions and more than one of these technologies, i.e. Java, .NET, Oracle, SQL, C++, webSphere, Sharepoint, IIS, etc.
- Knowledge of common information security standards, such as: ISO 27001/27002, NIST, PCI DSS, ITIL, COBIT
- Familiarity with information system attack methods and vulnerabilities
- Must be strong in technology – Infra and application development (good if both)
- Knowledgeable in Security concepts and must know how to lay out security architecture/design
- Strong English communication and writing skills are required and ability to communicate in Mandarin is preferable
- Candidates are preferred to hold or be actively pursuing related professional certifications such as CISSP, CISM or CISA
If you are interested, kindly email your updated resume to Emily at email@example.com or click “Apply Now”. Regretfully, only shortlisted candidates will be contacted. Thank you!