IT Security & Compliance is responsible for project to ensure security practices and technology are deployed and aligned. The increasing threats on information security & governance, has put pressure on IT to ensure continuity while serving the complex business needs. Support assigned Local or group IT Security Project.
Key Responsibilitie
- Review the security compliance during project initiation, implementation, coordination and reporting as assignekd
- Define an integrated Data Protection Framework consisting of policies, standards and guidelines aligned to industry & regulatory requirements
- Review and validate Information Security Review in order to make sure new provisioned system align with company standard and regulation
- Review and analyze Firewall Rule to ensure there's no violation rule
- Prepare, Plan and conduct ISO27001 Audit to make sure our company align with international standard industry and regulatory requirement
- Plan and implement system with group to prevent, detect, react and remediate information security events
- Review of logs, forms, reports, and other incident documentation
- Review Information Security related project to identify business and technical security requirements, design security controls and test their effectiveness ensuring the product implemented address both business and security needs
- As part of the governance process, assist BISO to review and assess the Security Configuration Baseline for OS and Patch level of various IT systems and components to ensure compliance to FWD Policies and Standard
- Work closely with IT Infra & IT Developer team in local to manage and remediate pen-test application and infrastructure
- Work closely with related parties to plan and implement Security Initiative Change
- Work closely with IT Infra and IT Developers to manage and provide web application certificate to ensure our website are trusted and secure
- Plan and manage execution of IT key strategic initiatives and deliver supports for key business initiatives/projects
- Work closely with IT Developer Team to make sure no critical vulnerability when developing apps
Key Qualifications
- Minimum 5 years of experience in IT Security & Compliance
- Bachelor's Degree in Information Technology or a related field
- Proficient in using Intune, Black Duck, and Coverity for source code security reviews
- Strong knowledge in incident detection, analysis, response, and remediation of security events
- Experience in engineering, configuration, and troubleshooting of security systems
- Familiarity with ISO 27001 and PCI-DSS is an advantage
- Good understanding of endpoint protection, including servers, laptops, PCs, and firewalls
- Strong knowledge of Next-Generation Firewalls (NGFW), Security Information and Event Management (SIEM), and Web Application Firewalls (WAF)
- Knowledge of cloud computing is an advantage
- Fluent in verbal and written English.
