Cyber Security Manager
Location: Petaling Jaya
Job ID: IRP3
Specialization: IT OR COMPUTER NETWORK OR SYSTEM OR DATABASE ADMIN

Job description:
The role will require in-depth understanding of information security, technology architecture and business security. Successful candidates will be expected to demonstrate relevant experience working in a dynamic environment, dealing with complex challenges and communicating to all levels of the business.

JOB DESCRIPTION
- Work closely with the senior IT Services stakeholders to ensure that appropriate security guidance is provided to support project delivery.
- Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
- Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Provide risk-based direction in conjunction with IT Services for future system enhancements in line with the overall firm's and clients' strategy.
- Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.
- Develop and oversee effective disaster recovery policies and standards to align with enterprise business continuity management program goals.
- Coordinate the development of implementation plans and procedures to ensure that business-critical services are recovered in the event of a security event. Provide direction, support and in-house consulting in these areas.
- Provide subject matter expertise to support business relationship management functions.
- Act as Data Protection Officer, ensuring systems and the information within them comply with current and future (as much as is known) requirements.
- Ensure Privasia has an effective Data Classification process in place.
- Ensure Privasia has an effective data retention and archiving process in place.
- Take ownership and ensure Governance, Policy and Procedures in relation to Management of Information Security meet agreed standards within Privasia.

Technology Risk Assurance
- Have responsibility for scoping penetration testing activities to identify security weaknesses within Privasia's technology environments.
- Develop a culture of in-depth understanding as to why security testing is required at both business and internal team level.
- Analyse information protection technologies and processes to identify technology security weaknesses.
- Develop risk assessments of data processing systems to confirm the design of logical controls is effective and meets regulatory and legal requirements.
- Provide quality reports to summarise test activities, including objectives, planning, methodology, results, analysis and recommendations to both technical and non-technical audiences.
- Provide oversight and guidance during security incidents and investigations, ensure root cause analysis is undertaken and input suggested approaches to deal with lessons identified.
- Assist in the enhancement of delivery and management of key technology security platforms including SIEM, PAM, TVM and DLP.
- Provide continuous improvement to the Technology Security function.
- Collaborate with IT Services to develop and maintain secure technology solutions.
- Actively contribute to the overall Privasia risk management framework, reporting to the Head of Risk & Compliance and ensuring consistency in the advice we provide to the business.

SKILL
- ISACA Certified Information Security Manager.
- Broad knowledge of a wide range of Information Technology systems and a deep understanding of the inherent security risks associated with these technologies.
- Able to establish the information security strategy for the organization and lead the implementation of the strategy.
- Understanding of information security principles and best practice (e.g., ISO27001, NIST and ISF Standards of Good Practice for Information Security).
- Strong technical abilities, combined with business acumen.
- Ability to present security topics, and the business value of security, to a non-technical audience.
- A good understanding of IT networking and access management concepts.
- Ability to understand and assess technology systems and applications from both a technical and business function perspective.
- Ability to communicate business and technical risk to all levels of audience.
- Excellent interpersonal skills with the ability to build and influence teams.
- Self-motivated.