Manager, Security & Compliance (IT)

Insurance, Health checkup, Training & Development, Salary review, Allowances, Employee Shuttle Service, Annual Leave, Sport Club

Duties may include but not limited to:

• Drive the development of solutions and coordinate and monitor remediation of all security gaps coming from a variety of sources
• Act as a key liaison between IT management, agency liaisons, legal and auditors
• Collect monthly, quarterly and annual evidences required to support audit process relative to access controls
• Oversee internal and external vulnerability testing, risk analysis and assessment on a scheduled basis.
• Keep an inventory of all applications and track version and vulnerability risk
• Formulate a roadmap for application upgrades and system refreshes
• Establish plans and protocols to protect the information systems against unauthorized access
• Maintain a central, controlled documentation reference library of security related information (example, policies, architecture, access and revocation request model, super user access, change management, and others as determined necessary
• Work with appropriate staff to discover and validate critical assets for the audit process using a discovery tool or other effective inventory model
• Incident Response: Respond immediately to security related incidents. Document and provide a thorough post-event analysis and follow-up on recommendations
• Institute organization-wide communications relative to security awareness, protocols and procedures
• Collaborate with information security departments to improve security compliance, manage risk and improve effectiveness of the overall security program
• Testing and reporting of compliance levels and adherence to policies, standards and regulatory requirements
• Provide guidance in defining and the documentation of secure design specifications and ensure alignment with enterprise standards
• Share/leverage successful products, processes and best practices across the organization
• Conduct security awareness training
• Investigate security requirements and assist IT and business partners to understand and implement such requirements
• Communicate with stakeholders and support teams to help improve the Company’s security posture and develop action plans to sufficiently address any identified risk
• Provide ongoing troubleshooting, support, and maintenance of network and systems, including 24/7 on call coverage as required.