PURPOSE OF THE ROLE:
This role is responsible for identifying and managing risks associated with Information Communications Technology. The role includes identifying, assessing, treating and mitigating risks associated with OML daily operations.
It also advises OML Management on ISRM matters, covering operational, strategic and long-term views.
ROLE ACCOUNTABILITIES:
Development of the Information Security Framework, which outlines Company Security Objectives, Code of Ethics, Roles and Responsibilities, Risk Management and methodology, and Incident Management, among others, to ensure implementation of the information security goals.
Performs Information Security Architecture reviews to ensure communications over IT and Mobile / Telco networks are conducted in a secure manner.
Enforcement of Application Security and Software Development Life-cycle (SDLC).
Enforce the relevant mandatory security controls and various gating points before a project / system is allowed to go live (e.g., risk assessment, security design, security testing, etc.) alongside Security MS Partner.
Manage Penetration Testing and Vulnerability assessments (e.g., Definition of RFP, Scope of Work, Deliverables, ensure project completion based on agreed scope, etc.) alongside Security Partner.
Support Company Threat and Vulnerability Management: monitors IT threats that are reported externally (e.g., SANS, US-CERT, etc.) and discovered internally, and coordinates timely communications and remediation.
Support Risk Management - Risk analysis, Assessments and Testing. Coordinates with various IT and Business units and ensures that IT Risks are managed and documented.
Participate in critical project Go / No-Go decisions and ensure that all critical requirements on security, functionality and process (e.g., closure of critical security issues, ensuring availability monitoring, etc.) are considered.
Manages the Security MS Partner's day-to-day activities, KPIs and SLAs.
Conducts weekly Security working group meetings, including follow-ups, and conducts monthly Security Governance Meetings with Management.
Reports to senior management on security plans (security projects, security technologies, etc.).
Prepare Information Security reports as required by external parties such as the Ministry of Transports and Communications, and to meet other Government requirements.
EXPERIENCE AND QUALIFICATIONS:
Bachelor's Degree in Computer Engineering or IS, or equivalent qualification.
12+ years of working experience in ISRAC / Telecom / Banking Industry.
Good understanding of Security Operations Management, systems and applications
Good knowledge of security standards ISO 22301 & ISO 27001, BS 7799, etc.
Other qualifications preferred: CISSP, CISM, CRISC, CISA, BCCE, AMBCI, CWNA
Excellent communications skills
Some Audit experience
Technical Competencies: Cyber Security, IS Governance, IS Risk Management, IS Compliance & Audit
Leadership Competencies: Develops Talents, Global Understanding & Perspective, Business Insights, Telecom Market & Industry Knowledge
Note: you will be required to attach the following:
1. Resume / CV