Information Technology Security Specialist

Job Scope

• Lead, oversee day-to-day IT security incidents/administration/health check current servers and network infrastructure security control.

• Monitor, response to event log & alert notification on the servers/network to proactively identify, minimize disruption & impact to the systems /network/end point devices.

• Identify IT security risks, threats, vulnerabilities in the company's technology.

• Analyze and report computer network/servers/Application security breaches or attempted breaches.

• Investigates cyber security incidents, updates, and security control documents, perform vulnerability scan and patch management, penetration test assessment, take appropriate action to minimize harm and make recommendations to corrective action.

• Perform problem management, root cause analysis, and postmortem reviews following the occurrences of all incidents, maintain incident documentation, participate in post- mortems, & establish incident reports.

• Participate in IT security assessment review, analyze business risks and creation of IT security requirements and controls to ensure that all IT related security components are implemented in accordance with the compliance guidelines.

• Take ownership; evaluate and recommend information related to IT security control & enhancements projects.

• If need be, in correcting security vulnerabilities by configure, implement, monitor, and support IT security software, systems, technologies and processes are compliant with regulatory, industry, corporate policies, procedures, and BNM Information Security standards.

• Serve & being the in-house subject matter expert to provide IT security related advice, guidance, & work with others team members in designing, implementing IT security control initiatives, risk mitigation & remediation.

• Responsible for recommending, implementing, and managing security controls for system, network, application by design system security architecture and develop detailed security designs.

• Prepare, conduct security awareness briefing, training & phishing simulation.

• Centrally facilitate, interacts with internal and external audit engagement, facilitate remediation based on agreed recommendation and associated risks pertaining to Global Information Security Group or any others corporate requirement.

• Periodical tracking and following-up with relevant party to ensure audit and compliance gaps are addressed and rectified according to committed timeline.

• Establish and maintains IT security related policies, procedures, and guidelines.

• Periodically reviewing the security related guideline & control to ensure the efficiency and effectiveness of the information security controls as a whole, recommending improvements wherever they are necessary.

• Develop comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement

Requirement

• Bachelor's degree in computer science, Information Security, Information Technology or

equivalent practical experience.

• CISSP, CRISC, CEH, GIAC, GCIH, GWAPT will be an added advantage.

• Minimum 8-12 years of specialization in IT related Security Technologies, IT General Control and IT Processes.

• Hands on technical experience in implement/maintain/knowledge of IT security related solution/systems, including ZeroTrust, Network Security Monitoring, NAC, L2/L3 Firewalls, Routing, Switching, IDS/IPS, Proxy, WAF, VLAN, VPN Technology, Endpoint/intrusion Detection & Response Solution, Event Management (SIEM) Technologies, Content Filtering, Encryption Technology, DHCP, DNS, HTTP, SSL, SSH, LDAP, IPSEC, DLP, O36 security components etc.

• Hands-on experience in developing, implementing, or architecting information security related solution, vulnerability scans & patch management, lead the response to audit/compliance/ IT Security incident/cyber security risk assessments, cyber security threat/logs monitoring & analysis, vulnerability/penetration assessments, source code review, response to MSS/SOC threat notification.

• Experience in prepare/conduct security awareness briefing/training, Establish & maintain information asset management, IT security related technical specifications documentation, policy & procedure.

Attractive Benefits

• EPF Contribution: 16%
• Performance bonus: Up to 5 months
• Medical, Hospitalization & Insurance Coverage
• Dental & Optical Benefit
• Car & Housing loan interest subsidy
• Hybrid working