• Oversee security of IT systems & infrastructure across the Organization and also to ensure stability and availability of IT critical systems which have major impact to ensure business continuity.
• Responsible for ongoing risk assessment for IT Infrastructure, System & Process and ensure compliance to regulatory standards, practices and guidelines (e.g. ISMS, GPIS).
• To report promptly any breach of law, regulation, the company’s code of conduct or other company policies and guidelines to immediate superior.
• Establish and improve the processes for IT security management system.
• To administer and enforce IT Security Policies, Procedures, Standards and Process to all IT systems and networks.
• Conduct operational and process reviews in compliance with all regulatory standards (e.g. ISMS, GPIS).
• Consult on effectiveness of corrective actions pertaining to closure of audit findings.
• Assess / Respond / Investigate IT security vulnerabilities and risks. Additionally, to ensure corrective action plans are initiated and monitored.
• Evaluate, recommend and implement security tools and services to align security posture according to business need.
• Responsible for security & policy administration of nominated systems, ID management, program movement/version upgrade.
• Responsible for incident & problem analysis and ensure countermeasure is implement to prevent reoccurrence.
   

Requirements:

• Bachelor’s Degree holder in Computer Science/Information Technology/Information System or equivalent.
• Minimum 5 years of IT security & risk exposure in service-provider / vendor or financial institution.
• Preferable with knowledge on networking, Windows/Linux/UNIX/AS400 operating system security.
• Preferably with CISSP, CISM or any other professional certification of IT/IS Security.
• Familiar with standards and requirements such as ISO27001, PCIDSS and that of financial authorities (e.g. GPIS/RMiT) will be an added advantage.
• Broad knowledge of IT Security and control solutions including Firewall, Security Incident Event Management (SIEM), Intrusion Detection System (IDS), Anti-Virus, Compliance Monitoring Tools, Data Leakage Protection (DLP), Web Application Firewall (WAF), Web Proxy Gateway & File Integrity Management (FIM).