Background and Role Summary The primary responsibility of the Senior IT Security Officer is to execute the company's cyber security agenda by evaluating, identifying, enforcing, mitigating, and overseeing security measures.
Responsibilities and duties - To liaise with IT development and system teams to ensure IT security best practice is catered throughout the system development and maintenance processes. Ensure security is factored into the evaluation, selection, installation, and configuration of hardware, software, and applications. - To put in place and work on the results of the measuring tools and management of the IT security, including host-system vulnerability and web application security scanner. - To keep current with the latest security threats and risks. Manage regular review of IT security on system infrastructure, access control, network, software, applications, desktops, and endpoints. - To perform IT security incident verification and investigation and work with various teams to resolve security incidents. - Coordinate IT security activities such as IT security review meetings, reporting, and trainings. - Prepare reports on IT compliance reviews, vulnerability management statistics, and security incidents, etc. - Follow through any issues reported and ensure they are resolved or mitigated in a timely manner. - Facilitate cross-departmental collaboration to ensure that technical teams, business lines, and other relevant departments implement compliance requirements effectively. - Communicate and coordinate with external regulatory bodies, auditing firms, and groups to ensure transparency and credibility in security compliance matters. - Organize and oversee cyber security compliance training programs for employees to enhance overall security awareness. - To support, advise, and teach/train the end-users in the field of IT security. - To elaborate on the engagement of service (SLA) and translate them into internal demands (OLA) in the field of IT security & compliance.
Preferred qualifications - Degree in Computer Science, IT or related disciplines. - Professional certificate in CISA, CISM; and with CISSP preferable. - Minimum 5 years of IT experience in the role of IT security. - Excellent knowledge in latest IT trends and tools e.g. Qualys, Acunetix, SIEM (Splunk or similar). - Excellent and hands-on experience in project management in security program, e.g. penetration testing. - Able to quickly acquire excellent knowledge of the Company's IT operations, infrastructure, policy and procedures. - Good track records in deployment and implementation of IT security program. - Excellent analytical skills and strong interpersonal and communication skills. - Result-oriented with capability to drive, and work independently, efficiently and innovatively. - Good teamwork player. - Fluent in both written and spoken English and Mandarin.
