Information Security Analyst

Avensys is a reputed global IT professional services company headquartered in Singapore. Our services include enterprise solution consulting, business intelligence, business process automation, and managed services. Given our decade of success, we have become one of the top trusted providers in Singapore and service a client base across banking and financial services, insurance, information technology, healthcare, retail, and supply chain.

We are currently looking to hire a Information Security Analyst - IT Support. This is an exciting opportunity to expand your skill set and achieve job satisfaction and work-life balance. I've included more details below.

Job Description

We are seeking a hands-on Information Security Analyst to support day-to-day security operations, IT compliance initiatives, and IT governance activities. This role is operationally focused and ideal for a technically strong individual with experience in cybersecurity controls, endpoint security, identity management, and IT audit frameworks such as ISMS and SOC 2.

The role combines cybersecurity operations, IT control monitoring, audit support, and end-user environment security management. This is not a purely strategic or policy-only role; the successful candidate will be actively involved in implementation, monitoring, remediation, and operational support.

Key Responsibilities

• Security Operations & Control Implementation
• Design, implement, and enhance security controls across endpoint, identity, and collaboration platforms.
• Establish and maintain endpoint security baselines and hardening standards for Windows and macOS environments.
• Administer and monitor endpoint security tools (e.g., EDR solutions such as CrowdStrike or equivalent).
• Monitor security alerts and coordinate incident response activities, including documentation and follow-up remediation.
• Oversee patch compliance, vulnerability remediation tracking, and security configuration reviews (focus on governance and validation rather than routine deployment tasks).

Identity & Access Management

• Administer user accounts and access rights across Active Directory and Microsoft 365 environments.
• Conduct periodic access reviews and enforce least-privilege principles.
• Support onboarding and offboarding processes with proper access control validation.
• Assist in strengthening identity controls, including MFA enforcement and conditional access policies.

IT Audit Support

• Support internal and external IT audits, including ISMS and SOC 2 initiatives, through:
• Evidence preparation and documentation
• Control testing and validation
• Access review execution
• Remediation tracking and follow-up
• Contribute to the maintenance and continuous improvement of IT policies, SOPs, and security documentation.
• Assist in risk assessments, control gap analysis, and corrective action planning.
• Maintain audit readiness through structured documentation and control monitoring.

IT Governance & Risk Management

• Support the development and enhancement of IT security governance frameworks and operational controls.
• Maintain and track risk registers and remediation action items.
• Monitor compliance with internal security policies and regulatory requirements.
• Promote cybersecurity awareness and good security practices across the organization.

Project & Initiative Coordination

• Support coordination of security and compliance initiatives, including ISMS improvements and SOC 2 readiness programs.
• Track project milestones, document action items, and follow up with stakeholders on remediation deliverables.
• Participate in cross-functional IT and security projects to ensure alignment with governance and risk requirements.
• Assist in preparing reports and updates for management and audit purposes.

Requirements

Experience

• Minimum 35 years of relevant experience in cybersecurity, IT security operations, or IT infrastructure with security exposure.
• Practical experience supporting IT audits, internal controls, ISMS, or SOC 2 initiatives.
• Hands-on experience with:
• Active Directory and Microsoft 365 administration
• Endpoint security / EDR platforms
• Access control management and review processes
• Experience supporting regional and/or global IT operations environments, including working across multiple geographies and stakeholders.
• Exposure to coordinating security or compliance initiatives is advantageous.

Technical Competencies

• Solid understanding of information security principles (CIA triad, least privilege, defence-in-depth).
• Working knowledge of ISMS controls and SOC 2 control domains.
• Familiarity with vulnerability management and patch compliance governance.
• Good understanding of endpoint hardening and identity security controls.
• Experience with ticketing systems, documentation platforms, and audit evidence management.
• Ability to translate audit and compliance requirements into actionable security controls.

Preferred Certifications

• ISO 27001 Foundation or Lead Implementer
• CompTIA Security+ or equivalent
• Microsoft 365 Security Administrator (or equivalent)
• CISA (advantage but not mandatory)

WHAT'S ON OFFER

You will be remunerated with an excellent base salary and entitled to attractive company benefits. Additionally, you will get the opportunity to enjoy a fun and collaborative work environment, alongside a strong career progression.

To submit your application, please apply online or email your UPDATED CV in Microsoft Word format to [Confidential Information]. Your interest will be treated with strict confidentiality.

CONSULTANT DETAILS

Consultant Name: Laxmi B

Avensys Consulting Pte Ltd

EA Licence 12C5759