The main purpose of this role is to manage and support the development and governance of the global security programmes, initiatives and improvements. As a Senior Security Consultant you will be the main cyber security contact for your assigned domain areas, where you will provide cyber security direction and guidance to team members at all levels.
Specifically, you will support the development, implementation and maintenance of Information Security Risk Management, and examine systems and procedures to identify potential adverse events, including hardware and software crashes, physical disasters, malicious intruders, malware, denial of service attacks and employee misconduct.
Full-time college degree or above, majoring in computer software or a related field.
Knowledge and experience of OA systems, especially those used by organizations with subsidiaries in multiple regions.
Understanding of software design and database principles.
Experience with Microsoft Teams, SharePoint, and modern desktop IT support is preferred.
Experience of AWS-based infrastructure maintenance will be a plus.
Excellent interpersonal and communication skills, with the ability to work effectively with internal users and external vendors.
A logical and analytical approach to problem solving.
Must be fluent in Mandarin and English in terms of written and verbal communication skills.
Adhere to high-quality development principles while delivering solutions on-time and on-budget.
Strong knowledge of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
Continuously evaluate/audit communication security, data vulnerability, business continuity and compliance risks
Identify vulnerabilities or weaknesses in systems and processes
Examine employee compliance with security controls and deficiencies
Evaluate security policy, processes and procedures for completeness
Ensure that controls are adequate to protect sensitive information systems
Report to management on system vulnerability and protection against malware and hackers
Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
Provide mitigation/damage reduction proposals with cost justification
Assist in identifying breaches in Information Security or tracking the source of an unauthorized intrusion.
Identify defensive steps to take, including necessary firewalls, security software and data encryption
Recommend that all infrastructure and application patching and remediation be done
Log and coordinate the management of identified vulnerabilities and track the remediation of risks associated with critical/sensitive information, systems, services and processes
Working knowledge of Information Security Risk Management
Proven experience in Information Security Risk Management processes
Working knowledge of security frameworks/standards e.g. ISO 27001, COBIT or NIST Cybersecurity Framework
Mentor and coach junior members of the team
Certified in CRISC/CISSP/CISA/CISM/CGEIT
At least 6 years of relevant experience in Information Security.
Demonstrated strong technical skills and operational experience in the management, configuration and support across at least four of the below areas (on-premises or public cloud):
Identity and Access Management
Endpoint Security (EPP and EDR)
Web Application Firewalls
Microsoft 365, Azure Security Centre, Azure, and relevant security best practices on these platforms.