IT Security

Review Information Security (IS) baseline set by PCA and GHO.

Develop, review, and enhance IT Security policies, procedures, standards, and technical baseline configurations.

Ensure effective operation of IT Security-related policies and procedures.

Handle IT security for infrastructure: Privileged ID Management, Firewall control, VPN control, Key management, Infrastructure Security projects.

Handle application and user security: application project support, identity and access rights management, VPN account management, end-point security management.

Periodically evaluate IT security status across infrastructure, applications, and databases highlight risks and provide recommendations to the Information Security Manager (ISM).

Managedetectionsand securityincidentprocesses: discovery, recovery, reporting act as primary support during incidents and escalate repeated issues to ISM.

Ensure safety of privileged account passwords.

Handle IT Security& IAMrequests: user administration, password resets, account housekeeping per policies.

Provide security consultation during application and network architecture design and implementation.

Participate in IT DRP to ensure IT security matters are adequately addressed.

Manage AS/400 and Life/Asia user access: create,modify, delete accounts assign authorities per procedure and conduct semi-annual access reviews.

Conduct assessment design checkpoint foreachproject

Ensuring security tools are covered in allassets

Review and assessDevSecOpsprocess, ensure there are no critical and high vulnerability allow before CAB

ConductTabletop exercise with CMT member to ensure awareness if any incidenthappened

Provide SSL certificate and private key

Ensuring internet application and all API that internet facing is covered by Web applicationfirewall

manage and track remediation action forbitsightandwatchtowrreport

Conduct vulnerability assessmentand security baselineand coordinate with system owner to remediate thevulnerabilitybased on SLA

Coordinate with GISP and system owner to conductPentest for internet facing application mobile, webapplicationand infrastructure

As Local solution review member to ensure the project meet with our requirement

Manage the lifecycle of BitLocker recovery keys, including secure storage, retrieval, handover, and revocationin accordance withapproved procedures and access control requirements