Deputy Manager (IT Security) - Contract - #1098299

The role is primarily responsible for information security operation which encompass managing security tools such as privilege access monitoring and vulnerability assessment technologies. The role will also assist on assessing network and infrastructure security design, and monitor the effectiveness of security controls. This includes managing the outsourced security operation centre and improving IT processes for effectiveness in addressing security risks.

Responsibilities include:

Security Governance & Assurance

• Collaborate with IT teams and cross-functional stakeholders to plan, execute, and deliver cybersecurity initiatives and projects aligned with business objectives.

Managed Security Tools Administration

• Manage and Support Privileged Access Management (PAM): Administer and maintain PAM solutions to enforce the least privileged access, monitor privileged sessions, and ensure compliance with access control policies.

• Review and update security tool configurations and policies to maintain optimal effectiveness and compliance.

Vulnerability Management & Security Assessment

• Manage and Conduct Vulnerability Assessments: Lead the planning and execution of regular vulnerability scans and assessments across systems and applications, ensuring timely identification, analysis, and remediation of security weaknesses.

• Manage Penetration Testing Services: Oversee internal and external penetration testing engagements, including scope definition, vendor coordination, test execution, risk analysis, and follow-up on remediation efforts to enhance security posture.

Security Monitoring & Threat Detection

• Monitor security events escalated by vendors, Managed Security Service Provider (MSSP) ensuring timely triage, containment, eradication, and recovery from incidents.

• Continuously improve monitoring processes to automate log correlation and incident response.

Incident Response Management

• Support the cyber incident response plan, including regular updates to playbooks and execution of tabletop exercises with stakeholders.

• Ensure thorough documentation of security incidents including RCA, lessons learned, and remediation tracking until closure.

Reporting & Metrics

• Generate regular reports and executive dashboards on security posture, event trends, incident metrics, and tool performance.

• Provide audit support through logs, reports, and tool evidence as required.

Third-Party & Vendor Management

• Manage third-party cybersecurity service providers, including MSSP contract management, performance evaluation, and SLA adherence.

• Liaise with tool vendors for updates, escalations, and subscription management.

• Evaluate and recommend improvements or alternatives for external cybersecurity services and tools.

Documentation & Continuous Improvement

• Develop and maintain SOPs for security tool operations and incident handling.

• Conduct regular effectiveness assessments of security tools and recommend enhancements or automation for improved performance.

• Stay current with emerging threats, technologies, and industry best practices to continuously improve the cybersecurity environment.

• Backup Support for Monitoring, Detection, and Response: Provide backup support to Security Operations, assist in threat monitoring, incident detection, and response activities to maintain a strong defense against evolving cyber threats.

Requirements:

• At least 3 years of work experience in Cyber Security operation and Incident Response role with experience in examining suspicious/malicious network events, analyzing malicious code/exploits, and system/network forensics

• Experience in security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and work experience

• Experience with vulnerability assessment and privilege access management tools

• Good knowledge and experience with ISO27001 implementation and cloud security like Amazon Web Services (AWS), Microsoft Azure and SaaS solutions, security standards and frameworks like NIST, ISO27001 and CSA Security-by-Design (SB) is desirable

• Excellent organizational, interpersonal and project management skills

• Excellent communication skills both written and oral

• Experience in managing security in complex environment

• Candidate with security qualifications (e.g. GCIH, ECIH, CISSP) is preferred