Cybersecurity Analyst, Apac

**Cybersecurity Department**:
The Cybersecurity department at the Technology Company prides itself on its inclusive and collaborative environment. We work closely with other departments to ensure that any technology, hardware, or software, is updated, properly configured, vetted and monitored before, during and after deployment. The department’s responsibilities include actively participating industry standard audits such as ISO 27001, PCI DSS and others. We are responsible for the ISMS and maintaining and creating the policies and procedures and programs that are the backbone of the company. We are a dynamic department where our day-to-day tasks may vary but it is always rewarding.

**Essential Job Functions**:

- Support the Cybersecurity team on matters involving the security posture of the information system.
- Assist with maintenance of the Data Classification and Data Governance Programs. which includes protecting data from accidental or unauthorized modification, destruction, or disclosure; adheres to emergency data processing needs.
- Develops job aids, procedures, policies, and training materials
- Reviews exceptions and violations of security policies; provides remediation training when necessary and documents justifications or rejections of requested exceptions to policies
- Monitors and restricts access to sensitive, confidential, or other high-security data.
- Participates in third party risk management to review software and vendor requests.
- Performs risk assessments, audits, and tests to ensure proper functioning of data processing activities and security measures.
- Monitors reports to ensure that all devices have up to date OS, third-party patches and antivirus; facilitates or performs needed updates.
- Review and manage alerts within the Security Information Event Management (SIEM).
- Investigate, report and mitigate cyber security incidents.
- Assess the impacts on system modifications and technological advances.
- Manage and review security logs and taking required actions.
- Monitor for and report on threats of all varieties (phishing, malware, MS vulnerabilities, etc.)
- Provide guidance and direction for the company's information security programs, including developing and managing the Enterprise Security Risk Department related policies and standards.
- Assist and direct organization in the daily execution of identifying, developing, implementing, and maintaining processes to reduce strategic business and information risks.
- Track and report alignment to cybersecurity requirements internally, as well as maintaining and updating security risk register.

**Job Requirements**:

- Bachelor’s degree in Cybersecurity, Computer Engineering, Information Technology or related field or at least three years of experience in computer systems with some specialization in information or cybersecurity.
- Experience with Microsoft Security and Compliance Solutions or tools such as Microsoft Defender, Azure, and Data Classification.
- Security Information and Event Management (SIEM) experience Demonstrated problem-solving and analytical skills.
- Understanding of networking fundamentals
- Knowledge of security standards such as NIST SP 800-53, ISO 27001
- Knowledge of cyber threats and vulnerabilities and mitigation techniques
- Knowledge of system administration, network, and operating system hardening techniques
- Strong communication skills (verbal and written) with the ability to communicate internally with team members as well as externally with vendors and other service providers.
- Strong computer skills including proficiency with Microsoft desktop and server operating systems, as well as Microsoft Office 365
- Travel is expected to be less than 25%

**Preferred Requirements**:

- Security Certification such as CISSP, Security+, CISM
- Data Center experience is strongly preferred, but not required
- Experience with one or more of the following: mobile endpoints, device management, and architectures including Windows or Linux server software and technologies, HA and redundancy configurations, Cloud and virtualization software and services, and hyper scaling.

EA Select Licence: 20S0145

Key Appointment Holder (KAH): R1111445