Overview

Provide consultancy and advisory services on IT security, such as compliance, security assessments and vulnerability testing.

Duties & Responsibilities

· Review and development of security framework, information security policies, processes / procedures and guidelines on an on-going basis.

· Establish compliance with these policies / procedures through on-going security reviews and audits, not limited to log analysis and security assessment of customer ICT systems

· To conduct security risk assessments and develop mitigation plans

· To conduct vulnerability assessment and penetration tests

· To conduct information security awareness training

· Responsible for the development and management of customer’s security incident response plan. To lead and support customer in the matters of security incident resolution and response.

· Conduct IT security awareness seminars and training

· May be required to support Pre Sales for Professional Service opportunities

Requirement:

· Diploma or higher in Computer Science, Engineering and Information Systems (specialization in security is a plus)Years of IT Experience:  5-10 Years

· Work Experience:  5-10 Years in the area of such as security governance, audit, vulnerability assessments, security operations, incident response, security risk management etc.

• Strong understanding of ISO 27001 and PCI Security Standard is a plus


• Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review), technical vulnerability management (Vulnerability Assessment, Penetration testing), application security, security technologies (system hardening, IDS/IPS, firewall), security incident response, security operations and security assessment.


• Customer-focused with good interpersonal skills

· Preferred certifications: CISSP, CISM, CISA, ISMS, TOGAF, SABSA etc.

· Lead Auditor Certification