To elevate the Group’s security posture through proactive analysis and mitigation of cyber security threats and risks, especially in cloud platforms and web applications. This position plays a pivotal role in leading a team to implement security assessments, measures and processes through security engineering, penetration testing and other assessment methodologies to safeguard the environment against cyber security threats.
JOB OBJECTIVES
- Build an application security and penetration testing capability aligned to a recognised industry standard framework.
- Lead, mentor, and manage a team of cyber security specialists in performing security assessments and penetration testing on internal and cloud-based systems.
- Deliver, execute, and update the organization's cyber security strategy, policies, processes and tooling for continued security improvements.
- Monitor and analyse cyber threat intelligence and implement advanced security tools and techniques to identify and mitigate vulnerabilities.
- Spearhead and perform security architecture reviews, security assessments, vulnerability assessments and penetration testing. Develop mitigation strategies and drive remediation efforts to close identified risks.
- Drive blue/red/purple teaming exercises to identify gaps and build SIEM/SOC use cases for proactive detection and prevention of potential threats.
- Engage with relevant teams to ensure effective response to and containment of security incidents, including post incident recovery and forensic investigation for root cause analysis.
- Manage relationships with security partners and vendors, foster compliance with IT and organizational policies, and compile cyber security reports for management and stakeholders.
- Promote a collaborative learning environment, ensure team capacity and skill alignment, and set clear performance management plans and KPIs to achieve security objectives.
- Maintain the external attack surface management repository, keep abreast of emerging security issues, threats, and state-of-the-art mitigation strategies, and share insights to bolster the Group's security posture.
QUALIFICATIONS
- Relevant penetration testing certification such as Offensive Security Certified Professional (OSCP).
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), etc. will be an added advantage.
JOB-RELATED KNOWLEDGE & EXPERIENCE
- 3-4 years (Diploma) or 2-3 years (Degree) of experience in the IT environment.
- Strong knowledge of configuration and design of IT cyber security systems within an enterprise environment.
- Strong knowledge of maintenance and support of IT cyber security systems.
- Strong knowledge of IT governance and cyber security practices.
- Strong knowledge and understanding of risk and compliance management.
JOB-RELATED SKILLS
- Excellent written and verbal communication skills.
- Ability to manage ambiguity/complexity.
- Able to cultivate innovation.
- Ability to collaborate cross-functionally.
- Ability to establish and maintain strong relationships with stakeholders at different levels.
- Cyber Security Management.
JOB-RELATED COMPETENCIES
- Leading and Supervising.
- Delivering Results and Meeting Customer Expectations.
- Relating and Networking.
- Applying Expertise and Technology.
- Adapting and Responding to Change.
- Deciding and Initiating Action.
- Presenting and Communicating Information.