IT Auditor (Risk, Security & Compliance)

AGES is a comprehensive solutions provider for various cyber and IT applications. Established in 2004, the company is accredited as a Qualified Security Assessor (QSA) organization and offers independent security audits, assessments, and compliance validation services.

AGES focuses on addressing security threats arising from business dependencies on technologies, particularly in payment and mobile security controls. The company aims to establish a more secure platform for these industries and to integrate sustainability and ESG initiatives into its core operations, with a view toward becoming a global top audit provider for security programs.

As a pioneer in cryptography, cyber security, and related payment environments, AGES brings together experts across cyber technologies, cryptography, payment systems security, IT security, systems development, project management, and business development. The team has experience with organizations such as PCI SSC, MasterCard, VISA, AMEX, JCB, Diners/Discover, NPCI – RuPAY, and UnionPay International (China UnionPay – UPI).

AGES is committed to PCI Card Production and Provisioning (CP) security assessments that cover physical and logical security, cybersecurity, information security, network and data security, and cryptographic key management.

• We are looking for competent individuals to join our team to conduct security assessments and vulnerability testing relating to the payment and IT security industry.
• To evaluate technologies against cybersecurity standards and stay current on IT security regulations and standards (e.g., PCI CPSA, PCI DSS, PCI 3DS).
• Undergo company bond-sponsorship for industrial professional certifications, courses, examinations, and overseas on-the-job trainings.
• Weekly traveling is required.
• This role is suitable for a highly organized individual with strong language skills, excellent interpersonal abilities, good writing skills, and a keen interest in IT to join our expert IT auditing and security team.

1. Conduct compliance assessments, provisioning of assessment reports, perform vulnerability scans and network penetration tests for local and overseas customers (if required), and contribute to the enhancement of the in-house penetration test system - PAYGE, including system security testing and quality assurance activities.
2. Perform network penetration testing following the NIST SP 800-115, using tools such as Metasploit, Wireshark, Nessus, Nikto, Nicat, John the Ripper, AppScan, Greenbone, and Netcraft.
3. Configure VM images for VM Box used for vulnerability scans and network penetration tests; VM images may deploy Kali Linux.
4. Engage with clients in scope, including but not limited to organizations certified under PCI CP and PCI DSS programs, for assessments and testing.
5. Document work papers, prepare reports, ensure quality assurance, and attend in-house training sessions.
6. Perform any other ad-hoc tasks and job rotations as assigned by your reporting officer.

• Degree in Computing or equivalent (with relevant industry certifications) with a minimum of 1 to 10 years of IT experience.
• Able to travel weekly for short trips.
• Ability to speak and write for Taiwanese-speaking clients.
• Certified CISA and CISM/CISSP preferred.

AGES offers a friendly working environment with a highly motivated and hard-working team. This role suits those who enjoy verifying information, have an inquisitive mind, are effective communicators, and enjoy challenging themselves to make a positive impact for clients and colleagues.

The IT security and audit industry is fast-paced and busy, and we seek colleagues with a positive, results-focused attitude who may travel worldwide for work-related projects.

With broad experience and strong technical and communication skills in the payment security assessment domain, this role can lead to opportunities in IT Risk Management, IT Compliance, Technology Operations, and Cyber Information Security.

To find out more about us

www.ages-sg.com