Manager, IT Security
The incumbent will work with Senior Manager, IT Services in managing IT Security and Cyber Security. Manage all facets of first level support, including line managing first level staff and assets. Ensuring change control and information security procedures are followed across Rakuten Trade.
This role is also required to prepare and monitor Cyber Security policies, framework, budget and costing, strategic planning and audit matters, in consultation with the Senior Manager, IT Services.
Duties & Responsibilites
- Specialize in IT System/Infrastructure Security; implement and monitor security measures for the protection of computer systems, networks, and information to ensure that all IT related security components are implemented in accordance with the compliance against Information Security Policy and Management Standards, Statutory Legal and Regulatory requirements.
- Oversee all day-to-day IT security incidents/administration/health check current servers and network infrastructure security control. Identify IT risks, threats, and vulnerabilities in the company’s technology infrastructure. Analyze and report computer network/servers/application security breaches or attempted breaches. Investigate security incidents, updates, and documents security control, perform risk assessments, take appropriate action to minimize harm and make recommendations to corrective action. Maintain incident documentation, participate in post-mortems, and write incident reports.
- Establish and maintains IT security related policies, procedures, and guidelines. Periodically review the security related guideline and control to ensure the efficiency and effectiveness of the information security controls and recommend improvements wherever is necessary. Develop comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.
- Coordinate internal audit team, external audit team and IT team to provide the information as audit request and update the status of audit next step to IT management.
- Drive continuous process improvement to all security functions utilizing KPIs and metrics.
- Advise on security operation controls to systems or applications when it comes to implementing new technology.
- Perform vulnerability and penetration management program, reporting with risk prioritize, remediation and recommending appropriate solutions.
- Responsible to manage and report to Management on cyber security issue, statistical fault report and status on weekly and monthly basis.
- Participate in DR and BCP simulation including infrastructure, security readiness and checklist.
- Involve and provide feedback on cyber security activity, audit and briefing to regulator and staff.
- Diploma / Degree in Information Technology or equivalent.
- Minimum 5 years of experience in IT related Security Technologies, IT General Control and IT Processes.
- Possess hands-on technical experience in setup/implement/maintain IT security related solution/system, including network security monitoring, NAC, L2/L3 firewalls, routing, switching, IDS/IPS, Proxy, WAF, VLAN, VPN Technology, Endpoint Detection and Response Solution, Backup Solution, Event Management (SIEM) Technologies, Content Filtering, Vulnerability Scans & Management, Encryption Technology, DHCP, DNS, HTTP, SSL, SSH, LDAP, IPSEC, etc.
- Knowledge of ISO27001, NIST Security Framework, regulator guideline and requirement and IT security control.
- Knowledge of SOC and PAM solutions implementation would be advantage.
- Certified in Information Security Management System (ISMS) or Security professional certification would be an added advantage.
- Certified with ITIL based experience in Incident, Problem, Change and configuration management would be an added advantage.
- Exceptional communication, problem solving and cross-group collaboration skills.
- Good command of written and spoken English.
- Ability to present ideas in business-friendly and user-friendly language.
- Self-starter with a positive work attitude and be able to work independently.
- Strong team player with ability to work in a team and as individual contributor.
- Ability to work on own initiative with minimal supervision, excellent time management, priorities and organizational skills to work on multi-tasks with high sense of urgency and tight deadlines.
- Ensure security compliance of IT systems and operations against all security and risk management Process and Procedures (P&P).
Special Requirements (if any)
- Working on weekend or public holiday (if required).