IT Security Manager (ITSM) - #1103024

Job Summary:

We're seeking an experienced IT Security Manager (ITSM) to lead our cybersecurity efforts and ensure the confidentiality, integrity, and availability of our IT systems and data. As a key member of our team, you'll be responsible for managing incident response, vulnerability management, and compliance with IT security policies and regulations.

Key Responsibilities:

1. Cyber Vigilance:

    - Monitor and analyze security event logs to identify potential security incidents.

    - Respond to security incidents in a timely and effective manner, ensuring minimal disruption to business operations.

2. Risk Management:

    - Conduct risk assessments and vulnerability management to identify potential security threats.

    - Develop and implement mitigation strategies to minimize risk.

3. Compliance and Governance:

    - Ensure compliance with IT security policies, regulations, and standard e.g IM8 , PDPA.

    - Develop and maintain security policies, procedures, and guidelines.

4. Incident Response:

    - Develop and maintain incident response plans and procedures.

    - Coordinate incident response efforts with stakeholders, including IT teams and management.

5. Security Awareness and Training:

    - Promote security awareness and training programs for employees.

    - Develop and deliver security training sessions to enhance employee knowledge and skills.

6. Resolution for Preventing Recurrence of Security Incidents 

·       For cases where workarounds are implemented, the ITSM shall identify the root causes and implement permanent resolutions according to the Problem Management process.

·       To assist with management/containment/remediation/eradication of security incident

·       To assist with Risk assessment and ensure minimising the risk exposure of IT asset and improve the cyber security posture.

·       The ITSM shall be responsible to close all IT security incidents in accordance with the Incident Management process.

·       For every IT security incident, the ITSM shall submit to the client an incident report in draft within one (1) day and a final version within three (3) days of incident resolution, unless otherwise agreed by the client. 

·       The incident record shall be closed only when the incident report is accepted by the client. The client reserved the right to verify the details in the incident report against the associated incident record maintained by the ITSM. The incident report shall be in the format defined by the client.

7. He/ She is required to participate in following audit activities performed by client’s 3rd party auditors or internal auditors:
(a) IT Security Review
(b) IT Vulnerability Assessment
(c) IT Security Penetration Testing
(d) IT Security Compliance Review

You bring:

1. Minimum 5 -7 years of IT experience in cybersecurity management, with a focus on incident response, vulnerability management, with governance risk and compliance.

2. Hands-on experience with security technologies, either one of the following

·       Application Security

·       Open Web Application Security

·       Penetration Testing

·       Vulnerability management systems (e.g., Tenable, Nessus)

·       Security information and event management (SIEM) systems

·       Identity and access management (IAM/PAM/MFA) systems

3. Industry-recognized certifications, must have at least one of :

·       CISSP

·       CISM

·       GIAC/CISA

·       CEH, or any other professional security certification will have an added advantage

4. Strong analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.

5. Excellent communication and interpersonal skills, with the ability to communicate technical information to non-technical stakeholders.

Prefer to Have:

1. Experience with cloud security, including AWS or Azure or GCP

2. Knowledge of federal information security regulations, such as FISMA or FIPS.

3. Experience and knowledgeable in security frameworks, such as ISO 27001, Zero Trust framework, NIST Cybersecurity Framework , CIS hardening etc.