See job description for details
- Comply with the customer's security policies and processes, e.g. the government IM8 security policy
- Monitor and track security advisory assessments and recommendations
- Develop and maintain security hardening standards and policies
- Perform routine compliance checks from a security perspective and remediate non-compliance.
- Review and develop information security policies, standards, processes, procedures and guidelines in accordance with cybersecurity best practices
- Administer compliance with these policies and procedures through ongoing security reviews, audits and assessments.
- Conduct security risk assessment, business impact analysis and develop security risk treatment plan.
- Collaborate with stakeholders on risk management, mitigation and remediation measures.
- Collaborate with Technical Leads on security testing.
- Develop the security awareness training program to foster a secure culture and improve security awareness and compliance.
- Partner with internal and external audit teams to manage audits and move them from a compliance-driven, point-in-time perspective to a risk-driven, continuous and proactive compliance approach.
- Act as the point of contact to assist and advise on ICT security-related matters.
- Create security metrics to communicate security posture and risks to management.
Requirements for the ideal candidate:
- Degree/Diploma or higher in Computer Science, Information Systems or equivalent
- At least one security certification is preferred, such as CISM, CRISC, CISA or CISSP
- At least 2-5 years of experience in cyber/IT Risk Management, Governance or Compliance.
- Understanding of control and risk management concepts including control testing, risk assessments, risk treatment and third-party risk.
- Knowledge of risk management policies, methods, standards, processes, governance models, and both quantitative and qualitative risk analysis approaches.
- Knowledge of common information security management frameworks, such as ISO 27001-5, COBIT and NIST, including 800-53 and the Cybersecurity Framework.