Cyber & IT Risk Security Assistant Manager
Cyber Security, IT
Up to MYR 108,000
30th December 2020
Our client is a leading investment holding company. As part of their expansion program to meet their client’s needs, they are looking for a person for the above role.
- Plan, develop and manage all of the Group’s IT risk management processes to safeguard the organization and its ability to perform its business mission.
- Consolidate the deviations and IT risk non-compliance incidents highlighted during audit verifications or assessments reported by users.
- Govern IT policy updates and compliance with those policies.
- Manage security incidents.
- Initiate corrective measures and interventions when necessary to address the deviations.
IT Risk and Security Management
- Plan, develop and manage the implementation of IT risk and security policy and guidelines to safeguard IT resources and facilities.
- Consolidate, analyze and report all IT non-compliance incidents and mitigation measures to Management.
- Monitor and enforce the existing IT policies and procedures to meet Group IT Risk compliance.
- Identify business requirements for information security and controls and recommend security solutions that address business risks.
- Identify solutions that enhance the effectiveness and efficiency of information security and control measures.
- Manage and monitor security implementation initiatives and projects.
- Plan and execute security education and awareness programme.
- Participate in key IT projects as requested by IT or Compliance team.
- Undertake special investigation and cyber forensic tasks as and when requested by Management.
- Develop, update and report quality of internal controls health checks (i.e. posture & metrics).
- Follow-up, provide guidance and monitor resolution of control weakness and implementation of audit recommendations, to ensure compliance of IT activities against related policies, standards & procedures.
- Any other related work as requested to support IT Risk & Security Management’s strategies and initiatives.
IT Cyber Defence
- IDS monitoring and analysis.
- Network traffic and log analysis.
- Prioritization and differentiation between potential intrusion attempts.
- Determination of false alarms, APT detection, and malware analysis/forensics for cloud and on-premises systems.
- Create/track investigation case files.
- Incident resolution and forensic resolution along with vendors.
IT Computer Disaster
- IT disaster recovery alternate team lead.
- Plan and conduct the IT Computer Disaster Recovery simulation testing to ensure IT critical applications identified can be recovered quickly to mitigate business disruption in the event of disaster.
- Report and initiate corrective measures to address gaps to ensure compliance with Group IT Risk and Security governance policy and guidelines.
- Develop, review and enhance a robust IT governance framework to support the Group’s business growth and operational needs.
- Manage the implementation of IT governance initiatives to ensure the highest availability of corporate and business applications in a secure environment as per committed SLA and risk governance standards.
- Responsible for governance processes and improvement across all IT (governance of procurement, data, contracts).
- Person in charge of all ERP/LOB applications governance approval and audit (user verification, Segregation of Duties).
IT Audit Management
- Manage IT audit program conducted by both internal and external auditors, including audit readiness, preparation, pre-audit assessment reviews and audit closure.
- Manage, update and close Quarterly Audit Status Report (QASR) issues.
- Enforce existing IT policies and procedures to meet Group IT/HSE compliance.
- Degree in Computer Science/Cyber Security, related to IT Risk & Security Management field, or equivalent work experience.
- At least 5-7 years (with 3 years in managerial positions) related experience in IT audit, security and controls management, compliance management.
- Working knowledge in the following areas:
  - Globally accepted IT management frameworks i.e. COBIT/ISO27001/BS7799/ITIL, TQM, QMS, 6-Sigma and audit standards.
  - IT Governance, functions and control best practices for each IT function, process owners and users.
  - Specific knowledge of security architecture strategies and implications on applications.
  - Broad knowledge of IT Security and control solutions including firewall, security log management, Intrusion Prevention System, anti-virus and spamming, compliance monitoring tools, data leakage protection and information rights management.
- Team player, proactive and innovative.
If you are interested, kindly email your updated resume to Jesse at firstname.lastname@example.org or click “Apply Now”. Regretfully, only shortlisted candidates will be contacted. Thank you!