IT/NT Security Senior Engineer

A. ROLE PROFILE

Role Title: Network Operation Senior Manager
Reporting to: ICT Operations & IT/NT Security Senior Manager
Division: Information & Communication Technology
Department / Section: Technology & Information

B. CONTEXT

Purpose:

Ensure systems and devices are secure in end-to-end manner. Conduct technical controls: availability, confidentiality, and integrity in best practices for technology, people, and processes

Context:

Review and monitor information security events and processes and ensure that there are normal, functioning properly and operating securely to protect Business Assets and Information

C. ROLE ACCOUNTABILITIES

• Ensure security systems are configured optimally
• Review and validate all changes involving devices and systems
• Regularly audit systems and processes, identify gaps, prepare remediation plans, and track closure of security risk items
• Report on any risks found and track it till closure in risk register
• Monitor security incidents, problems and ensure they are resolved within SLAs
• Monitor security and network systems performance, alerts and ensure appropriate actions taken
• Conduct security risk assessment, vulnerability assessment, application assessment, and report risks and track till closure
• Develop non-functional security requirements, reviewing and updating design of the systems during system selection and design phase.
• Analyse all vendors operations and report the areas of improvement and challenge to the management with remediation plans
• Support other team members activities when they are not available, on leave.
• Leading MSP to achieve IT security target/KPI on time.
• Working with all parties to comply all IT security policies and compliance

• Help to design, implement, and maintain the organizations cyber-security plan.
• Develop and direct implementation of security standards and best practices for the organization.
• Ensure that IT security audits are conducted periodically or as needed (e.g., when a security breach occurs).
• Monitor organizations networks for security breaches and investigate violations when they occur.
• Managing SIEM, DLP, Endpoint Security tools, APT, WAF, Firewall, IPS, IDS, EDR, cloud security, Dark web, CTI, etc.
• Working with SOC team to achieve targeted security KPIs
• Working with IT GRC team for IT security policies, standard, procedure documentation.

D.KEY PERFORMANCE INDICATORS

• Publish KPIs for Security in Weekly Dashboards
• Publish Dashboard on Overall Security Status and demonstrate continual improvement (10% month on Month)
• Track, measure and review Information Security metrics (Weekly) for the effectiveness of IS controls.
• Conduct the investigation of security incidents, violations of security policies and prepare preventive and corrective action plans. (Antivirus breakouts, Network attacks, etc.)
• Identify, Assess and Manage Security Risks with their related Threats, Vulnerabilities and Mitigation and report them to the management. (For Design/Configuration changes and Operation/Process changes as well as new System Acquisition and Development).
• Analyse all vendors operations and point out the areas of improvement and challenge to management. (By reviewing Low Level Design, etc.)
• Administer Patch management and Vulnerability management to comply with Related Policies, Best practices and Vendor Recommendations. (Reviewing weekly Patch Management, Vulnerability Reports from Managed Service team, Industrial best practises)
• Conduct the investigation of security incidents, violations of security policies and prepare preventive and corrective action plans and track closure.

E. WORKING RELATIONSHIPS & DECISION MAKING

Interacts with: (who else do they interact with and at what level and for what purpose Internally & Externally)

Internal:

Contact Centre, Marketing, Legal, Regulatory, HR, Technology, etc.

External:

Managed Service teams Diyar and Whale cloud, IMI and other vendors including ZTE.

Decision Making

Describe the kind of decisions made what they would be related to and whether they would be made independently or in conjunction with others. This could include Delegated Authority levels

F. EXPERIENCE AND QUALIFICATIONS

Minimum Experience & Essential Knowledge

• Over 5 Years experience and knowledge on the security of Applications, Networks, and Systems.
• Knowing technical projects management and understanding security processes and standards are advantage.
• Over 2 years experience of vendor management and driving skills
• Have good experience in vendor negotiation skills

Minimum Entry Qualifications

• Any Degree
• Recognized IT training, diploma, or certificate
• Ethical Hacking (CEH)
• Forensics
• Network Security