IT Security Specialist, Risk & Compliance

Job Responsibilities

• Provide the excellent supports on overall aspects of Information Security, IT Governance, IT Risk, IT Audit and IT Compliance;
• Perform IT risk assessment and produce actionable plan to secure bank’s application, data and networks.
• Monitoring privilege account usage to ensure compliance with security policies.
• Assess and develop up to date with IT security policy, standards and threats.
• Collaborate with management and the related IT department to improve security posture.
• Document any security breaches and assessing their damage.
• Coordinate and update information security incident response document, ensuring processes and procedures are tested regularly in line with IT continuity, business continuity planning (BCP) and disaster recovery (DR) policy;
• Promote cyber security awareness posture at all levels of management and employees, by maintaining and developing a positive culture of compliance against IT security policy, industry standards and regulations;
• Identify and address a full range of issues from structure and policy, through to assisting in specific areas such as data privacy; data leakage prevention / monitoring; information rights management; third party security and cryptography;
• Perform day to day IT security operation required by head of departments and management. 
• Minimize all risks including operational, information and cyber security risk;

Job Requirements

• Having 3 years of experiences within IT security related domain and working in financial / telecom / auditing industry.
• Bachelor's Degree in Information Technology, Computer Science, and Software Engineering or a related qualification, and/or demonstrated capability through past employment experience;
• Holding any IT security related certification (ISO27001 LI, CEH, CCNA / CCNP Security) or from equivalent recognized organizational body is a plus.
• Proven experience of implementing an information security management system (ISMS);
• Experience in undertaking internal and third party audits covering IT governance and information security controls;
• Solid understanding of IT and experience in developing IT governance, controls and best practices;
• Proven ability to write easy to understand reports and deliver presentations on information risk management, systems process control and IT general control review reports;
• Proven ability to work and communicate effectively and fluently with managers and staff, including the ability to explain complex technical issues in terms that non-technical managers and staff will understand;
• Have a strong understanding of advanced threat detections, continuous vulnerability assessment, response and mitigation strategies used in Cyber Security operations;
• An understanding of a business continuity role and/or policies processes and plans;