IT Security Specialist

OBJECTIVES: Specialize in IT Security; implement and monitor security measures for the protection of computer systems, networks, and information to ensure that all IT related security components are implemented in accordance with the compliance against Information Security Policy and Standards, Statutory Legal and Regulatory requirements.

• Lead, oversee day-to-day IT security incidents/administration/health check current servers and network infrastructure security control. Monitor, response to event log & alert notification on the servers/network to proactively identify, minimize disruption & impact to the systems /network/end point devices.
• Identify IT security risks, threats, vulnerabilities in the company’s technology. Analyse and report computer network/servers/Application security breaches or attempted breaches. Investigates cyber security incidents, updates, and security control documents, perform vulnerability scan and patch management, penetration test assessment, take appropriate action to minimize harm and make recommendations to corrective action.
• Perform problem management, root cause analysis, and postmortem reviews following the occurrences of all incidents, maintain incident documentation, participate in post-mortems, & establish incident reports.
• Participate in IT security assessment review, analyse business risks and creation of IT security requirements and controls to ensure that all IT related security components are implemented in accordance with the compliance guidelines. Take ownership; evaluate and recommend information related to IT security control & enhancements projects. If need be in correcting security vulnerabilities by configure, implement, monitor, and support IT security software, systems, technologies and processes are compliant with regulatory, industry, corporate policies, procedures, and BNM Information Security standards.
• Serve & being the in-house subject matter expert to provide IT security related advice, guidance, & work with others team members in designing, implementing IT security control initiatives, risk mitigation & remediation. Responsible for recommending, implementing, and managing security controls for system, network, application by design system security architecture and develop detailed security designs. Prepare, conduct security awareness briefing, training & phishing simulation.
• Centrally facilitate, interacts with internal and external audit engagement, facilitate remediation based on agreed recommendation and associated risks pertaining to Global Information Security Group or any others corporate requirement. Periodical tracking and following-up with relevant party to ensure audit and compliance gaps are addressed and rectified according to committed timeline.
• Establish and maintains IT security related policies, procedures, and guidelines. Periodically reviewing the security related guideline & control to ensure the efficiency and effectiveness of the information security controls as a whole, recommending improvements wherever they is necessary. Develop comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement