Info Security Manager

  • Competitive
  • Kuala Lumpur, Federal Territory, Malaysia
  • Permanent, Full-time
  • Standard Chartered Global Business Services Sdn Bhd
  • 15 Feb. 19

Job Description - Security Engineer


ROLE

Business Title: Security Engineer
Grade: 6
Business Unit: ITO, Technology Services, Security Technology Services
Job Family: Security Technology Services
Location: KL, Malaysia
REPORTING RELATIONSHIPS:

Reports Directly to: Senior Risk Manager
PURPOSE:
Security Technology Services (STS) is a critical function within Standard Chartered Bank operating under the overall purview of "Technology Services".

The STS team is made up of cyber security thought leaders who are accountable for the provision of a global set of cyber security services and products in order to maintain and continuously improve the Bank's cyber security posture in today's ever-evolving cyber security landscape.

The STS team protects the Bank from cyber security threats by delivering effective information security technology services and by managing and responding to security incidents, to ensure and support the continuity and growth of the Bank's business operations and to meet the expectations of both internal and external stakeholders across the 70+ countries and territories in which SCB operates.

The successful candidate will work in a highly skilled and high performing team as the principal security engineer and expert for multiple infrastructure domains. They will design and implement security solutions as well as provide level 3 support to the operations teams.

RESPONSIBILITIES:

  • Subject matter expert responsible for the review, design and implementation of security solutions that meet current and future needs of the organization.
  • Define the requirements, scoring criteria, and conduct proof of concept reviews of new products to determine the best technology to implement.
  • Writing of process documentation for deployed solutions.
  • Final escalation point for deep technical security issues.
  • Managing and dealing with technical as well as senior stakeholders, including peers from other departments.


KEY STAKEHOLDERS:

  • Security Technology Service domain heads

COMPETENCIES (KNOWLEDGE & SKILLS):
Qualifications & Skills:

Essential
The applicant must be able to demonstrate most or all of these skills or abilities.
Additional
The ability to demonstrate any of these skills or abilities will help your application.
Communications
A strong command of spoken and written English.
Demonstrable ability to engage with customers across technology teams and provide remotely located management with confidence that priorities are well attended to.
Soft Skills

  • 5+ years experience working in a team delivering technology centric customer focused services.
  • Involvement with process improvement initiatives.
  • 3+ years working on large scale projects.
  • Successfully delivered at least 1 large project.
  • Prior experience in running Proof Of Concept testing.
  • Self-starter, ability to work independently without direct supervision.


  • 10+ years experience in a multinational financial institution.
  • Experience in balancing conflicting priorities and negotiating an acceptable resolution.
  • Experience in using metrics to highlight and report issues.
  • Project leadership experience for complex projects.
  • References to service improvements personally led or championed.

Security Skills

  • A sound grasp of basic Information Security principles.
  • Track record in designing and delivering security related solutions.
  • A basic understanding of information risk management practices.
  • Experience in defining corporate technology standards.


Expert level experience in at least one or more of the following, with some level of experience or knowledge in most:

[Unix]

  • 5+ years hands-on experience in Unix/Linux engineering and system administration.
  • Excellent understanding of Unix security and hardening practices.


[Windows]

  • 5+ years hands-on experience in Windows engineering and system administration.
  • Excellent understanding of Windows security and hardening practices.


[Active Directory]

  • 5+ years hands-on experience in Active Directory engineering and system administration.
  • Excellent understanding of how Active Directory works past the GUI interface.


[VA and Malware]

  • Ability to assess, reverse engineer or dissect vulnerabilities and malware.
  • Experience in deploying and managing enterprise level antivirus infrastructure.
  • Good understanding of Web Proxy and E-mail infrastructure.


[Database]

  • 5+ years hands-on experience in Database management and engineering.
  • Familiar with at least 2 major database flavours.
  • Good understanding of Hadoop and Big Data.
  • Prior experience with Database Activity Monitoring solutions.


[Security Monitoring]

  • 5+ years experience in implementing and configuring SIEM tools.
  • Good understanding of the logging/auditing systems used by major vendors, including those on Operating Systems, Databases and Network equipment.
  • Experience in scripting on both Unix and Windows.
  • Ability to define and design meaningful security reports from data caught within SIEM tools.
  • Prior experience with Database Activity Monitoring and Host Intrusion Detection solutions.

[Cloud and Virtualisation]

  • Engineering level experience with VMware's virtualisation technologies.
  • Good knowledge and understanding of cloud technologies with the ability to perform technical security assessments as well as deploy solutions into a cloud service.

[Messaging]

  • 5+ years hands-on experience with Microsoft Exchange and OCS/Lync.
  • Good knowledge of messaging related protocols such as SMTP, IMAP, MAPI, EAS.
  • Good understanding of e-mail related Malware defences and Antispam technologies.


[Firewall and Webservices]

  • 5+ years hands-on experience with managing Proxy and Webservers.
  • 3+ years experience in configuring and designing Firewall solutions.
  • Good understanding of NIDS as well as APT and DDoS detection and mitigation technologies.


[Network]

  • Excellent understanding of TCP/IP networking fundamentals.
  • Good understanding of NAC and VPN technologies.
  • Basic understanding of multifactor authentication systems and how to integrate them in Networked systems.


[Forensics]

  • 3+ years hands-on experience with a leading forensics tool such as EnCase or FTK.
  • Ability to deploy and configure a forensics tool from scratch and establish corresponding processes.
  • 1+ years experience in leading forensics investigations.
  • Good understanding of common file systems such as NTFS, EXT2 and how to recover deleted files from them.


  • Knowledge of security related standards such as ISO27k, Common Criteria, MAS TRM, PCI-DSS.


[VA and Malware]

  • Knowledge of machine language, ability to disassemble and analyse binary code.


[Database]

  • Prior experience with Imperva SecureSphere DAM.


[Security Monitoring]

  • Prior experience with Splunk.

Educational

  • Diploma or Bachelor Degree in Engineering, Computer Science/Information Technology or its equivalent.


  • An Information Security degree, qualification or certification for example from: RHUL, SANS, EC Council, (ISC)2.
  • Project Management qualification.

Technical skills

  • Good understanding of TCP/IP networking concepts.
  • Strong knowledge of either Unix or Windows.
  • Experience of installing and configuring solutions.


  • Able to perform complex data manipulations and analysis in either MS Excel or MS Access.
  • Process Improvement techniques.
  • Knowledge of SQL.
  • Knowledge of either Unix or Windows scripting languages.
  • Good knowledge and prior exposure to forensic technologies and practices.