The Job Description:
Deliver IT Security Risk Assessments and be an IT Security Champion to the business, with focus on new and existing applications utilizing Agile techniques (DevSecOps).
Responsibilities:
• Responsible for security risk assessments on new and existing applications and systems to ensure strong risk management strategies, tools, frameworks and standards are in place.
• Identify and provide analysis and recommendations for IT security risks, and track corrective actions performed by the business through the risk exception process.
• Provide accurate and timely reports to demonstrate individual and team activities and progress
• Work closely with IT and business representatives to drive risk assessment remediation
• Provide consultation on security policies and general best practices
• Evaluate and provide security approvals related to application and infrastructure changes with focus on firewall rule approval and recertification.
• Participate in audits to establish compliance with security policy and country regulations
• Contribute to individual, team, and security function continuous improvement projects.
Requirements:
In order to succeed in this role, you must:
• Have advanced knowledge of infrastructure and application security risk management concepts.
• Have good understanding of industry regulations i.e. MAS TRM, HKMA, FSA, etc.
• Have general knowledge on emerging technologies such as Fintech, Mobile & Virtualization.
• Must have demonstrable previous IT Security experience in risk management, audits/compliance, security system development, and/or operations. Vulnerability/Patch Management experience is a plus.
• Prior experience in DevSecOps methodology and its application is preferred
• Must have direct IT and business stakeholder management experience, handled in a confident and responsive manner. Previous security sales and/or team management experience should be highlighted.
• Must have excellent English oral and written communication.
• Must be motivated, able to work independently as well as part of a team, and must demonstrate ethical responsibility, maturity, and discretion
It also helps if you have the following certification(s) or equivalent experience:
CRISC, CISM, CISA, CISSP, ITIL, GCCC