Cyber & IT Risk Security Assistant Manager

Job Search   >   Technology / Digital   >   Cyber & IT Risk Security Assistant Manager

Cyber Security, IT | Kuala Lumpur | Up to MYR 108,000 | 30th Dec 2020

Cyber & IT Risk Security Assistant Manager

(20079_JC)

Specialisation: Cyber Security, IT

Email Jesse

Location: Kuala Lumpur
Salary: Up to MYR 108,000
Type: Permanent
Posted On: 30th December 2020

Client Background:

Our client is a leading investment holding company. As part of their expansion program to meet their client’s needs, they are looking for a person for the above role.

Job Purpose:

  • Plan, develop and manage all Group’s IT risks management processes to safeguard the organization and its ability to perform its business mission.
  • Consolidate the deviations and non-compliance IT risks incidences highlighted during audit verifications or assessments reported by users.
  • Govern IT policies update and its compliance.
  • Managed security incidents.
  • Initiate corrective measurement and interventions when necessary to address the deviations.

Key Responsibilities:

IT Risk and Security Management

  • Plan, develop and manage the implementation IT risks and security policy and guidelines to safeguard IT resources and facilities.
  • Consolidate, analyze and report all non-compliance IT incidences and mitigation measures to Management.
  • Monitor and enforce the existing IT policies and procedures to meet Group IT Risk compliance.
  • Identify business requirements for information security and controls and recommend security solutions that addressed business risks.
  • Identify solutions that enhance the effectiveness and efficiency of information security and control measures.
  • Manage and monitor security implementation initiatives and projects.
  • Plan and execute security education and awareness programme.
  • Participate in key IT projects as requested by IT or Compliance team.
  • Undertake special investigation and cyber forensic tasks as and when requested by Management.
  • Develop, update and report quality of internal controls health checks (i.e. posture & metrics).
  • Follow-up, provide guidance and monitor resolution of control weakness and implementation of audit recommendations, to ensure compliance of IT activities against related policies, standards & procedures.
  • Any other related work as requested to support IT Risk & Security Management’s strategies and initiatives.

IT Cyber Defence

  • IDS monitoring and analysis.
  • Network traffic and log analysis.
  • Prioritization and differentiation between potential intrusion attempts.
  • Determination of false alarms, APT detection, and malware analysis/forensics for cloud and on premise system.
  • Create/track investigation case files.
  • Incidence resolution and forensic resolution along with vendors.

IT Computer Disaster

  • IT disaster recovery alternate team lead.
  • Plan and conduct the IT Computer Disaster Recovery simulation testing to ensure IT critical applications identified can be recovered quickly to mitigate business disruption in the event of disaster.
  • Report and initiate corrective measures to address gaps to ensure compliance to Group IT Risk and Security governance policy and guidelines.

IT Governance

  • Develop, review and enhance a robust IT governance framework to support the Group’s business growth and operational needs.
  • Manage the implementation of IT governance initiatives to ensure the highest availability of corporate and business applications in a secure environment as per committed SLA and risk governance standards.
  • Responsible of governance processes and improvement for all IT (governance of procurement, data, contracts).
  • Person In Charge for all ERP/LOB applications governance approval and audit (user verification, Segregation of Duties).

IT Audit Management

  • Manage IT audit program conducted by both internal and external auditors, including audit readiness, preparation, pre-audit assessment reviews and audit closure.
  • Manage, update and close Quarterly Audit Status Report (QASR) issues.
  • Enforce existing IT policies and procedures to meet Group IT/HSE compliance.

Requirements:

  • Degree in Computer Science/Cyber Security, related to IT Risk & Security Management field, or equivalent work experience.
  • At least 5-7 years (with 3 years in managerial positions) related experience in IT audit, security and controls management, compliance management.
  • Working knowledge in the following areas:
  • Globally accepted IT management framework i.e. COBIT/ISO27001/BS7799/ITIL, TQM, QMS, 6-Sigma and audit standards.
  • IT Governance, functions and control best practices for each IT functions, process owners and users.
  • Specific knowledge of security architecture strategies and implications on applications.
  • Broad knowledge of IT Security and control solutions including firewall, security log management, Intrusion Prevention System, anti-virus and spamming, compliance monitoring, tolls data leakage protection and information rights management.
  • Team player, proactive and innovative.

If you are interested, kindly email your updated resume to Jesse at jesse.chng@mindmerge.com.my or click “Apply Now”. Regretfully, only shortlisted candidates will be contacted. Thank you!