Manager, Information Security

The role work with other security managers in the team and reports to the Chief Security Officer. The Security team is responsible for the organization’s security risk, cyber resilience, and operational resilience. The candidate should possess proven experience in information security with sound technical knowledge, and exposure on security governance, assurance and/or security risk management.

The candidate are required to comply with group security standards and regulatory requirements, maintaining security policies and process documents, support Architect / Development / Testing on the DevSecOps, collaborate with business and project team to align with the corporate Security standards and controls, maintaining the organization's security posture.

Sound understanding of international security standards (ISO27001 / NIST), and exposure to public cloud, privileged account management, SIEM, data leakage prevention, anti-DDoS, WAF, proxy gateway, vulnerability management, Operational and IT resilience.

The candidate should possess strong presentation and communication skills. Provide security advise to business and project team to ensuring alignment with the Corporate Security standards and controls, documenting security recommendation and mitigation options in clear, business-intelligible language. Ensure security compliance against legal and regulatory requirements. Experience of working in a multi-national organization would be beneficial but not a requirement.

Job Description:
• Provide professional security advisory and recommendations on solutions architecture, business project requirements, and security related enquiry.
• Conduct security risk assessment on technology solutions and/or technical controls to identify potential security threats and vulnerabilities and develop strategies to mitigate risks. Maintain security risk register, and communicate identified risks and impacts to stakeholders
• Conduct vendor security assurance review on process/control/ and provide security advisory for continuous improvement
• Ensure security in DevSecOps, collaborate with Architect / Development / Testing on application security assessment and oversee penetration testing conducted by approved service penetration test providers.
• Would be an advantage if the candidate has experience on participating or coordinate Red-team/Blue-team, Penetration testing, and Threat intelligence simulation attack.
• Support internal & external security audit/compliance assessments, and devise mitigation measures to address findings effectively
• Security Incident management and support 1st line to ensure timely detection, response, and resolution of security incidents.
• Periodically review and update security policies, operation process, for security control enhancement
• Prepare management reports to Chief Security Officer & Management team.

Qualifications:
• 5+ years of experience in information security, security risk or related area.
• Degree in information security, computer science, information management systems or related field.
• In-depth understanding of cloud security principles and best practices, with experience in securing cloud environments (e.g., Azure, AWS).
• Solid understanding of DevSecOps and application security, including secure coding practices, vulnerability assessment, and secure deployment methodologies.
• Demonstrated track record in leading and implementing successful information security initiatives programs.
• Ability to apply analytical rigor to understand complex business scenarios. Problem solving skills and ability to work independently. Strong communication skills and Team player.
• Fluent in English (verbal and written).
• Relevant certifications (e.g., CISSP, CISA, OSCP, CEH, ISO 27001, NIST or equivalent, etc.) are a plus
• Capable candidate with lesser experience would be considered for junior roles.