Information Technology Security Manager
Position details
Responsibilities
• Responsible for reviewing, implementing, and maintaining information security policies, frameworks, and roadmaps.
• Evaluate compliance against relevant regulations, IT security policies, and standards, e.g., ISO/IEC 27001 and the NIST Cybersecurity Framework.
• Responsible for assessing IT/technology risk management and ensuring the effective implementation of the company's information security principles.
• Responsible for proactively monitoring systems for security breaches, responding to threats, and coordinating with vendors to conduct vulnerability assessments and penetration tests.
• Develop and execute incident response plans, ensuring timely and efficient mitigation and recovery in the event of security incidents.
• Oversee the management and maintenance of security technologies, including security operations center incident response and antivirus systems, and implement data loss prevention.
• Responsible for evaluating and managing security risks associated with third-party vendors, ensuring that their security practices align with organizational standards and regulatory requirements.
• Successfully coordinate with internal and external stakeholders to address security governance requirements, respond to audits, and meet regulatory compliance obligations.
Qualifications
• 6+ years of work experience in cybersecurity or IT security engineering roles, preferably in financial services, brokerage, or similar industries.
• Strong communication and organization skills.
• Good understanding and knowledge of IT security fundamentals.
• Familiarity with server, network, cloud, and information systems security principles and best practices.
• Demonstrate an extensive knowledge of protocols and the capacity to effectively prepare for and manage potential challenges while interacting with, communicating with, and providing assistance to auditors, regulators, and examiners.
• Capable of offering expert guidance on the most suitable mitigation measures or compensating controls, taking into account the risk level associated with each identified issue.
• Relevant security certifications such as CISSP, CISM, CISA, or equivalent.
• Proven track record in vulnerability management, risk assessment, and threat detection, as well as strong problem-solving skills.