My client is one of the leaders in the sustainability and business risk industry, providing solutions that help their clients monitor and analyze their business risk and sustainability. They have been providing analytics solutions since 2004, and the scope of their services includes data analytics, program management and effectiveness, social responsibility, and sustainability. My client is continuously growing with new implementations of data-driven applications. They are currently looking for an Information Security Manager to join the APAC team.
- Lead IT projects that cover Infrastructure and Security; establishing specifications, functional requirements and test plan.
- Be involved in end-to-end project management of information security, from deployment and rollout to post-implementation.
- Manage deployment of Security Controls & Framework and DevSecOps best practices
- Detect and identify any security vulnerabilities and generate recommendations on remediation actions
- Manage and handle information system security operations
- Lead security assessment initiatives, detect and monitor security vulnerabilities and suggest remediation actions
- Ensure company-wide security posture by completing penetration testing, mock phishing and end-user information security education
- Take charge of incident investigations and remediation action
- Apply best practices around security, SDLC/code compliance against OWASP Top 10, log review and monitoring, etc.
- Bachelor’s Degree in computer science or IT-related discipline
- 5+ years of working experience in Information Security, such as Application Security and security architecture
- Proven track record of using AWS or Azure
- Good understanding of CI/CD and Terraform
- Familiar with various IT governance frameworks: CobiT, PCI-DSS, NIST, ISO27001, ISO20000, ITIL
- Experience in Security Operations, SOC, SIEM, Incident Response, and Threat Intelligence is preferred
- Experience in penetration testing and common vulnerability assessment tools, as well as using MITRE ATT&CK or similar frameworks
- Practical experience of technical and security configuration, operation and administration in Windows OS, Active Directory, Domain Group Policy, networking and security devices (firewall, NAS, etc.) is essential
- CISSP, CSX, CISA, CISM or other information systems security certifications are preferred