Manager - Group Technology (SM - Access Management (App/DB Security Analyst))

If you are looking to excel and make a difference, take a closer look at us

Overview:

To perform application security review on existing and new applications for Hong Leong Financial Group. To participate in projects review and implementation of security controls and processes to ensure compliance to IT Security Policies and regulatory compliance. This position reports to the Head of Application Security.

Responsibilities:

These tasks focus on the gatekeeping aspect of security-managing who has access to what and ensuring those permissions remain current.

• Access Granting: Review and grant access authorities to applications based on approved user access matrices.

• Operational Requests: Attend to daily operational security requests for applications in-charge.

• ID Housekeeping: Ensure housekeeping of IDs is performed to eliminate dormant and unused IDs.

• Sensitive ID Monitoring: Control and monitor the usage of sensitive user IDs.

• Matrix Maintenance: Ensure that the User Access Matrix is reviewed by Business Owners on a pre-determined period.

This group covers the formal frameworks, manuals, and continuous improvement of security standards.

• Documentation: Document new and update existing Security Administration Manuals, procedures, guidelines, and checklists.

• Process Improvement: Review and improve existing security controls, procedures, processes, or guidelines for better security.

• Policy Implementation: Review, evaluate, and implement application security controls to ensure compliance with security policies.

These responsibilities involve the check and balance phase-verifying that controls are working and responding to formal oversight.

• Audit Log Review: Review and monitor audit logs and other critical audit trails in Production Systems.

• Self-Audits: Perform periodic self-audit checks and security verification on applications in-charge.

• Audit Support: Attend to auditor's queries and requests follow up/rectify issues to ensure closure and prevent relapse.

This involves proactive security work during the development or deployment of new systems.

• Project Participation: Participate in new project implementations to review, test, and implement security controls.

• Risk Compliance: Ensure security requirements are fulfilled and complied with to mitigate security risks during new builds.

These tasks focus on the organization's ability to remain functional during a crisis.

• Recovery Planning: Participate in Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) exercises for the Group.

Skills & Experience We Are Looking For:

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related field.

• 3-5 years of experience in Security Administration, IT Audit, or Application Security.

• CISA, CISM, or CISSP certifications will be an added advantage.

• Possesses knowledge of AS400 and Oracle.

For more job opportunities, please go to HLB Careers: