IT Security Consultant

Position: IT Security Consultant

Job Purpose

This role is responsible to manage information risk, to ensure compliance of Security Standards practised by the services/organization and to provide security support on application, projects and to prevent the unintentional, unlawful, or unauthorized disclosure, alteration, or destruction of IT resources.

KEY RESPONSIBILITIES:

. Responsible to manage operational IT Security for a high availability financial service and work on the reporting & improvement as well as facilitate in audits and trainings.

. To drive Analysis & handling of security vulnerabilities & incidents.

. Establish, maintain and review compliance with Operational Security processes and procedures periodically and to ensure these are met and monitored.

. Establish, maintain and review strict access control to information and IT systems according to business needs and access policies.

. Perform Access Management activities (grant, change and revoke access privileges).

. Establish and maintain an environment that complies with the Payment Card Industry Standards & Requirements, the Information Security Management Framework and other applicable security standards and Baselines.

. Monitor and manage security controls (system settings, logs, alerts, audit trails, attempts, violations, faulty logons, lockouts, etc.)

. To work closely with clients/ application/ infrastructure owners in applying and implementing the new security changes/solutions (e.g, protection concept, security specifications, architecture and design, security assessment).

. Exposure and to work on Security Operation Center (SOC) Tools, maintenance and operations support.

Preferred Skills

. Knowledge/ Exposure on Baseline controls a.k.a environmental controls, application generic control, Third Party Access controls and Legal and Regulatory controls

. Understanding and exposure working with External auditors on ISAE 3402, PCI-DSS compliance and other mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008 . Internal

. Maintaining mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008

. Self-starter who can work autonomously and independently and willing to learn and explore compliance and IT security.

. Good written and verbal communications, and ability to productively interact across internal/external stakeholders, auditors and functions.

. Broad understanding of security technology, IT security Standards and compliance.

QUALIFICATIONS:

. You have a university degree, followed by depth experience in the field of Governance or Compliance with focus on IT security.

. Overall 8-10 years working experience in IT industry with at least 5 years experience in IT Security & Compliance.

. Self-motivated and able to work independently as well as a team player.

. Good to have: - Cards and Payment domain knowledge, Exposure or understanding on PCI DSS, PCI PA-DSS, Security Industry standards, IT Security and Assurance, TIA Knowledge/ practice, Infrastructure Security Knowledge/ Practice, Multiple OS and AD Knowledge practice and SIEM Knowledge / Practice. - Experience in an IT operations-related field such as IT Security, IT Admin, Disaster Recovery or Maintenance of SOC tools