IT SECURITY SPECIALIST

OBJECTIVES: Specialize in IT Security; implement and monitor security measures for the protection of computer systems, networks, and information to ensure that all IT related security components are implemented in accordance with the compliance against Information Security Policy and Standards, Statutory Legal and Regulatory requirements.

• Lead, oversee day-to-day IT security incidents/administration/health check current servers and network infrastructure security control. Monitor, response to event log & alert notification on the servers/network to proactively identify, minimize disruption & impact to the systems /network/end point devices. Identify IT security risks, threats, vulnerabilities in the company’s technology. Analyze and report computer network/servers/Application security breaches or attempted breaches. Investigates cyber security incidents, updates, and security control documents, perform vulnerability scan and patch management, penetration test assessment, take appropriate action to minimize harm and make recommendations to corrective action. Perform problem management, root cause analysis, and postmortem reviews following the occurrences of all incidents, maintain incident documentation, participate in post-mortems, & establish incident reports.
• Participate in IT security assessment review, analyze business risks and creation of IT security requirements and controls to ensure that all IT related security components are implemented in accordance with the compliance guidelines. Take ownership; evaluate and recommend information related to IT security control & enhancements projects. If need be in correcting security vulnerabilities by configure, implement, monitor, and support IT security software, systems, technologies and processes are compliant with regulatory, industry, corporate policies, procedures, and BNM Information Security standards.
• Serve & being the in-house subject matter expert to provide IT security related advice, guidance, & work with others team members in designing, implementing IT security control initiatives, risk mitigation & remediation. Responsible for recommending, implementing, and managing security controls for system, network, application by design system security architecture and develop detailed security designs. Prepare, conduct security awareness briefing, training & phishing simulation.
• Centrally facilitate, interacts with internal and external audit engagement, facilitate remediation based on agreed recommendation and associated risks pertaining to Global Information Security Group or any others corporate requirement. Periodical tracking and following-up with relevant party to ensure audit and compliance gaps are addressed and rectified according to committed timeline.
• Establish and maintains IT security related policies, procedures, and guidelines. Periodically reviewing the security related guideline & control to ensure the efficiency and effectiveness of the information security controls as a whole, recommending improvements wherever they is necessary. Develop comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement

• Bachelor’s degree in computer science, Information Security, Information Technology or equivalent practical experience.
• CISSP, CRISC, CEH, GIAC, GCIH, GWAPT will be an added advantage.
• Minimum 6 years of specialization in IT related Security Technologies, IT General Control and IT Processes.
• Minimum 6 years hands on technical experience in implement/maintain/knowledge of IT security related solution/systems, including ZeroTrust, Network Security Monitoring, NAC, L2/L3 Firewalls, Routing, Switching, IDS/IPS, Proxy, WAF, VLAN, VPN Technology, Endpoint/intrusion Detection & Response Solution, Event Management (SIEM) Technologies, Content Filtering, Encryption Technology, DHCP, DNS, HTTP, SSL, SSH, LDAP, IPSEC, DLP, etc.
• Min. 6 years of related hands-on experience in developing, implementing, or architecting information security related solution, vulnerability scans & patch management, lead the response to audit/compliance/ IT Security incident/cyber security risk assessments, cyber security threat/logs monitoring & analysis, vulnerability/penetration assessments, response to MSS/SOC threat notification.
• Experience to lead & participate in Project Implementation
• Vendor sourcing, process PO & payment request
• Excellent analytical and problem-solving skills, results oriented, self-motivated, good interpersonal skills, flexible, independent.
• Excellent presentation skills, written and communications skills.
• Ability to work on own initiative with minimal supervision, excellent time management, priorities and organizational skills to work on multi-tasks with high sense of urgency and tight deadlines.
• Must be able to handle & provide after office hours on urgent incident support request