#1520 - IT Security Manager
|Company Name||TIRO's client|
|Industry||IT - Information Technology & Services|
|Description||One of the world's largest and leading IT companies|
|Job Title||IT Security Manager|
|Job Description||• Perform internal Information Security Audit activities in the area of ITGC, ISO 27001 and Physical Security across different functions and processes across the company
• Identify gaps and recommend controls to mitigate the same
• Interface with client’s teams on assessments and reviews
• Review IT security architecture
• Ensure ISMS Policies, Standards and Procedures are current and that teams comply with them
• Identify and prioritize information security related risks through proactive risk assessments
• IT/Information Risk Assessment, Management and Mitigation.
• Assess risks from emerging technologies and design adequate controls and processes
• Study & recommend industry best practices, latest trends for continuous improvement of information security
• Experience in security metrics to demonstrate the overall security posture of the organization.
• Information Security request and exception Management.
• Review and suggest corrective action on Information Security incidents.
• Develop & manage the Information Security Awareness Program.
• Develop, maintain and regularly review the security policies & procedures.
• Conduct periodic audits with a view to safeguarding information system assets by identifying and solving potential and actual security problems
• Work with teams effectively to ensure controls are deployed in a secure and consistent manner.
• Proven experience with securing information for various technical solutions.
|Function||IT - Software|
• Excellent exposure towards planning and conducting Information Security Audits
• Knowledge and practical application experience of information security and cyber security "best practices," such as ISO 27001/27002, PCI, SAS 70, ISAE SoC 1 Type II, NIST standards, HIPAA, Data Protection, Privacy and COBIT, etc.
• In-depth knowledge of security systems and applications and a strong foundation in core area of security (e.g. OS hardening, DB hardening, Active Directory, Firewalls, IDS, IPS, Router, SIEM, DLP, network and perimeter defense) is preferred
• Knowledge of various control and risk management concepts and methodologies in latest technologies like: Cloud, Mobility, virtualization, etc.
• Experience in developing and managing Business Continuity and Disaster Recovery Plan.
• Strong interpersonal skills. Ability to influence leadership team internally and clients externally
• Communicate Security, risk and control related concepts to a broad range of technical and non-technical staff both internal and external client
• Understanding of organization structure, and ability to work effectively with internal support functions and operational areas
• Strong written, communication and presentation skills
• Attitude to learning and development, a record of continuous professional development
• Graduate / Diploma holder (Full time)/Engineer
• Full-time work experience in information security management and/or related functions (such as IT audit and IT Risk Management) with a background in technical IT roles.
• Certifications such as CISA, CISSP, CISM.
• 7 to 11 years of experience in large consultancy or relevant industry segment
• Team management experience is a must
• Experience in IT Audit / Technology Risk / Information Security / Third Party Risk Management
Office Phone: +84 3939 0388