Information Security Specialist

**Responsibilities**

The incumbent will support and assist in the assurance activities related to the confidentiality, integrity and availability of the company’s information assets, systems, services, and facilities in compliance with the organization’s information security policies, regulations and standards.
- Support the establishment, implementation, adherence to and documentation of information security standards, policies, procedures and processes to protect company information assets, systems, services and processing facilities
- Identify and assess the probability and impact of relevant risks as well as assess, design, test and implement risk mitigating solutions, which range across security policies, processes and technology
- Incident investigation and response including preparation, documentation and coordination with teammates and other teams, assisting with response (e.g., containment, eradication) and recovery as well as any necessary post-incident activities
- Design information security solutions (e.g., identify, prevent, detect), including architecture and technology evaluation, in the areas related to Application, Data store, Platform, Network and Physical technologies and / or controls
- Initiate, facilitate, promote and support the development and delivery of appropriate information security awareness training
- Work with various stakeholders and staff of all levels to ensure compliance of security initiatives and activities (e.g. phishing campaign, information security training, information security surveys, remediation of audit and security issues)
- Govern security administration functions relating to risk management, access control, log monitoring, vulnerability management and security configurations
- Facilitate and co-ordinate with suppliers, vendors and partners on third-party supply chain security risk assessments
- Conduct security reviews and provide advisory for user requests (e.g. cloud services, information security incident report)
- Manage data including analysis and preparation using Power Business Intelligence (BI)
- Other ad-hoc projects as assigned

**Requirements**:

- Degree in Computer Science/Information Technology, Computer Engineering or its equivalent
- Proven track record of 3 years of experience in security governance, risk and compliance or system security operations
- Recognised Information Security qualifications or equivalent (e.g. CISSP, CISM, CISA, CRISC, CDPSE)
- Detailed understanding of NIST and ISO27001 is required
- Strong working knowledge of privacy frameworks and regulations (e.g. PDPA, GDPR)
- Proven experience in working within a dynamic, matrix-oriented team structure
- Proactive and flexible team player who can forge strong relationships and be a trusted business partner within the organisation
- Ability to manage multiple stakeholders within the global business
- Demonstrate good time management and organisation skills with the ability to prioritise effectively and meet tight deadlines
- Ability to articulate technical topics to non-technical audiences in writing, diagrams and in person
- Strong communication and good interpersonal skills
- Meticulous, organized and resourceful team player
- Highly motivated individual who works independently with little supervision

**Job Types**: Full-time, Permanent

**Benefits**:

- Health insurance

Schedule:

- Monday to Friday

**Education**:

- Bachelor's or equivalent (preferred)

**Experience**:

- System security: 3 years (preferred)

License/Certification:

- CISSP (preferred)
- CISM (preferred)
- CISA (preferred)
- CRISC (preferred)
- CDPSE (preferred)

Work Location: In person