Job Description
RESPONSIBILITIES:
Develop, implement and monitor a strategic, comprehensive enterprise information security management framework and IT risk management program.
Provide risk assessment and security briefings related to security issues for all new and existing systems and remains familiar with the Company’s goals and business processes so effective controls can be put in place for those areas presenting the greatest information security risk.
Communicates risks and recommendations to mitigate risks to the senior administration by communicating in non?technical, cost/benefit terms and in a format relevant to senior administrators so decisions can be made to ensure the security of information systems and information entrusted to the Company.
Oversees all ongoing activities related to the development, implementation, and maintenance of the Company’s information security policies and procedures by ensuring these policies and procedures encompass the overall security of electronic information at rest or in motion within the system and assisting departments in local process and procedure development, ensuring they are not in conflict with Company policies.
Assists other departments to ensure regulatory compliance in areas such as the ISO 27001, NIST, CSA, CIS and other compliance requirements required by individual customers.
Chairs the Information Security ? IT Committee (ISIC) and coordinates the activities of ISIC so that security decisions do not interrupt business processes while maintaining the confidentiality, integrity, and availability of company information.
Conduct vulnerability assessment and penetration test on the organizations IT systems and application.
Plan and conduct annual role?based and general staff cyber security awareness training.
Acts proactively to prevent potential disaster situations by ensuring that proper protections are in place, such as intrusion detection and prevention systems, firewalls, and effective physical safeguards, and provides for the availability of computer resources by ensuring a business continuity/disaster recovery plan is in place to offset the effects caused by intentional and unintentional acts.
Evaluates security incidents and determines what response, if any, is needed and coordinates Company’s responses, including technical incident response teams, when sensitive information is breached.
Provide IT Audit consultant role with Internal Audit and group company support.

Required Experience:
At least 3 ? 5 years of working experience in Security consultation IT infrastructure.
Preferable to have Advance knowledge and experience for IT infrastructure or networking (Cloud ? Azure, AWS, M365, Cisco Cloud Security | On Prem ? Wintel Server, Linux and PC | Network – Cisco, Forti, Paloalto, Juniper )
Preferable to have Advance knowledge and experience for Security Solutions (Microsoft, Broadcom, Cisco, McAfee, Cybereason, Trendmicro, any SASE solutions, any Logging or Monitoring solutions)
Hands?on individual contributor and be able to lead and guide vendor, and work with local and offshore team.
A potentiality to be a technical specialist with high communication skills and well minded about team?working.
A sense of ownership, urgency and self?motivation?Able to travel on short notice according to requirements.