IT Security Consultant (PCI-DSS, ISO 27001)

EPS Malaysia

Kuala Lumpur

On-site

MYR 60,000 - 90,000

Full time

Yesterday

Job summary

A leading security firm in Kuala Lumpur is seeking an IT Security Consultant. The role involves managing operational IT security for a financial service, ensuring compliance with PCI-DSS and other standards. Responsibilities include handling security vulnerabilities, establishing access controls, and monitoring security procedures. Candidates should possess a relevant university degree, at least one year of experience in IT security, and the ability to work independently. A comprehensive understanding of security technology is essential.

Qualifications

  • Minimum 1 year of experience in IT Security & Compliance.
  • Self-starter who can work autonomously.
  • Experience with PCI DSS is an advantage.

Responsibilities

  • Manage operational IT Security for financial services.
  • Drive analysis and handling of security vulnerabilities.
  • Maintain compliance with Operational Security processes.

Skills

Knowledge of IT security standards
Good written and verbal communication
Understanding of security technology

Education

University degree in Governance or Compliance
Job description

This role is responsible for managing information risk, ensuring compliance with the Security Standards practised by the services/organization, providing security support on applications and projects, and preventing the unintentional, unlawful, or unauthorized disclosure, alteration, or destruction of IT resources.

KEY RESPONSIBILITIES:
  • Manage operational IT Security for a high-availability financial service, work on reporting and improvement, and facilitate audits and training.
  • Drive the analysis and handling of security vulnerabilities and incidents.
  • Establish, maintain and periodically review compliance with Operational Security processes and procedures, and ensure these are met and monitored.
  • Establish, maintain and review strict access control to information and IT systems according to business needs and access policies.
  • Perform Access Management activities (grant, change and revoke access privileges).
  • Establish and maintain an environment that complies with the Payment Card Industry Standards & Requirements, the Information Security Management Framework and other applicable security standards and Baselines.
  • Monitor and manage security controls (system settings, logs, alerts, audit trails, attempts, violations, faulty logons, lockouts, etc.)
  • Work closely with clients/application/infrastructure owners in applying and implementing new security changes/solutions (e.g., protection concept, security specifications, architecture and design, security assessment).
  • Exposure to, and work on, Security Operation Center (SOC) tools, maintenance and operations support.
Preferred Skills
  • Knowledge of/exposure to Baseline controls, a.k.a. environmental controls, application generic control, Third Party Access controls and Legal and Regulatory controls.
  • Understanding of, and exposure to, working with external auditors on ISAE 3402, PCI-DSS compliance and other mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008. Internal
  • Maintaining mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008
  • Self-starter who can work autonomously and independently and is willing to learn and explore compliance and IT security.
  • Good written and verbal communication, and the ability to interact productively with internal/external stakeholders, auditors and functions.
  • Broad understanding of security technology, IT security Standards and compliance.
QUALIFICATIONS:
  • You have a university degree, followed by in-depth experience in the field of Governance or Compliance with a focus on IT security.
  • At least 1 year of working experience in IT Security & Compliance.
  • Self-motivated and able to work both independently and as a team player.
  • Good to have:
      - Cards and Payment domain knowledge, exposure to or understanding of PCI DSS, PCI PA-DSS, Security Industry standards, IT Security and Assurance, TIA knowledge/practice, Infrastructure Security knowledge/practice, Multiple OS and AD knowledge/practice and SIEM knowledge/practice.
      - Experience in an IT operations-related field such as IT Security, IT Admin, Disaster Recovery or Maintenance of SOC tools.