A leading company in Singapore seeks a Technology Information Security Officer to provide security advisory and assurance across projects. The role involves overseeing compliance with security policies while leading a team in risk assessment and mitigation strategies. Ideal candidates will have extensive IT security experience, particularly in governance and cloud technologies, and possess relevant professional certifications.
Position Overview
As the Technology Information Security Officer (TISO), you are responsible for providing security advisory to the project teams, which includes Cybersecurity Risk Assessment, review of Technical Design Spec (TDS), Operational Acceptance Test (OAT), and System Security Assurance Test (SSAT). You are responsible for performing cybersecurity risk assessment for Synapxe-managed projects and systems. You are also expected to lead a team of TISOs.
Role & Responsibilities
Provide guidance to Business Services Group (BSG) in ensuring that projects/systems comply with Company’s IT security policies and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the projects/systems lifecycle
Perform security risk management, including identification, assessment and treatment of security risks associated with systems handled by Business Services Group. Risk assessment must be performed in accordance with the Company’s cybersecurity risk management framework
Provide guidance to Business Services Group related to vulnerability assessments, source code review and penetration testing so that remediation actions can be undertaken by Business Services Group within the agreed timelines
Provide security consulting and advisory to Business Services Group
Review RFP proposal compliance with security requirements
Review architecture design developed by Enterprise/Solution/Security Architect
Perform cybersecurity assurance activities across the different stages of SDLC
Evaluate risks related to third-party vendors and products, and identify mitigating measures
Perform independent assessments of the technical security controls implemented within the projects/systems to determine the overall effectiveness of the controls
Review and propose improvements to IT security policies, framework, standards, procedures and best practices
Requirements
Degree in Computer Science, Information Systems, Engineering or equivalent
At least 12 years of IT security experience in more than one of the following: security governance, risk management, application security design, security project management, security operation, cloud security technologies, network access, identity, governance and access management, privileged access and identity management, security information and event management
Strong grasp of risk management principles, risk articulation skills, and knowledge of cloud technologies, network security and data protection
Knowledge of cloud platforms such as AWS, Azure or Google Cloud is desirable
Professional security certifications such as CISSP, CISM, CISA, CCSP, CRISC or other similar security certifications are advantageous
Self-motivated with the ability to work independently with minimal supervision and willingness to listen
Strong interpersonal and stakeholder management skills with good written and verbal communication skills