Responsible for the selection, design, implementation, review, and operational management of information security controls within the company, in accordance with relevant regulatory and industry standards.
Creating and documenting standards, including configuration baselines, management and operating best practices, for security and IT infrastructure
Creating security architecture templates and helping subsidiaries to adapt them to their IT environments. Helping subsidiaries to review their security programs against current security frameworks (NIST, CIS, ISO 27001, etc.) and best practices to identify gaps and develop enhancement programs.
Developing security metrics to analyse effectiveness of security programs and track improvements over time. Guiding and training IT and security staff in subsidiaries on the application and execution of the standards, tools, metrics and best practices.
Responsible for identifying, evaluating, and reporting information security and governance risks in a manner that meets compliance requirements.
Requirements
Minimum of a Bachelor's degree in Information Security/Computer Science
Minimum of 5 years of experience in the IT security area
Extensive experience and knowledge of application and infrastructure security, IT operations, enterprise networking, operating systems and database security, and secure software development
Demonstrated proficiency in security and compliance, and in regulatory requirements (ISO 27001, NIST, CSA, etc.). Familiar with Data Privacy and PCI regulatory compliance requirements
Professionally qualified (e.g., CISSP, CISM, PCI ISA or OSCP)
Self-motivated, analytical and possessing good interpersonal and problem-solving skills. Passionate about using technology to solve business problems.
Experienced in working in a global or regional environment
Experienced in managing vendors or working with managed services providers