consultant, IT Security

Scope of work for the IT Security systems and devices:

1. IT Service Management
2. Cybersecurity Incident Management
3. IT Security Management
4. IT Security Compliance & QA Management
5. Risk Management
6. Security Operation and Monitoring tool Management

• Monitor and report on the SLA/KPI of the in-scope systems, grouped under the System Family, to the client.
• Liaise and work directly with client (stakeholders, Ops Managers and/or Contractors) for purpose of project delivery and maintenance support.
• Monitor and update client on operation concern and/or compliance matters and propose resolution.
• Provide monthly summary and/or progress report on systems health, statuses, risk status and status of CR/SR and System Problem.
• Conduct and/or participate in management update meetings – Operations, Audit and Management Meeting.
• Review reports from Operations & Support (O&S) project teams within the System Family.
• Provide support to O&S Project teams during Audit, DR/BCP, Backup & Recovery exercise.
• Propose continuous improvement initiatives with recommendations to strengthen IT governance & compliance, increase efficiency on work quality and processes.
• Prepare Management plan and submit compilation to the Client annually.

• Periodically review IT asset inventory (hardware, software, network equipment, network attached equipment and end-points) records maintained and updated by Client appointed Asset Officer.
• Maintain oversight and review the Obsolescence at System Family Level.
• Prepare and submit report to Client.

• Lead investigation and resolution of Security incident.
• Conduct root cause analysis and recommend improvement solution for recurrent incident to Client.

• Schedule security scan for identified systems according to policies and verify all vulnerability rectifications are satisfactorily performed.
• Conduct Security Review on System Access and administration patterns weekly, and report unusual or suspicious activities, if any, to client.
• Track, mitigate and deploy patch security vulnerabilities accordingly to the stipulated timeline. Maintain oversight and submit reports on monthly basis.
• Escalate and/or seek Client’s acceptance and approval of assessed risks.
• Manage and administer any security monitoring tools including Splunk, ArcSight, EDR – are addon advantage.

• Ensure compliance status of the Systems adheres to applicable standards, polices, directives and guidelines.
• Review weekly/monthly account review based on the requirements.
• Review weekly/monthly log review based on the requirements.
• Declare, review and report compliance status to head office annually.
• During audit exercise, work with stakeholders to provide responses and evidence to auditors or compliance related declarations.
• Provide a Rectification Plan on any gaps found.
• Provide rectification plan for issues arising from audit.
• Seek waiver on compliance whenever it is justifiable.
• Ensure all applicable standards, policies, directives, guidelines, deliverables and quality assurance records are filed and kept up to date for audit and review purposes.
• Work with Client on system enhancement required for policy changes and audit requirements.

• B.E/B.Tech or any qualified Degree in Information Systems, Computer Science or similar relevant field.
• Certification in CISSP / CISA / CISM / CRISC / CGEIT for IT Security is a must.
• At least 5 years of relevant experience in Cybersecurity / information systems security practice including governance, managing security policies and systems and assessing threats and vulnerabilities with at least 10 years of IT experience.