Security Incident Management - Director

  • Up to SGD280K + High Variable Bonus
  • Singapore
  • Permanent, Full time
  • Kaskal Executive
  • 15 Oct 17 2017-10-15

Our client is a highly reputable financial institution

Required:

  • Bachelor’s degree in Computer Sciences or related field or equivalent experience/certification
  • 5+ years of information technology leadership experience
  • Experience implementing, managing or governing security technologies, including vulnerability scanning tools (i.e.Retina, Nessus, etc.)
  • Experience performing risk assessments and analysis within Information Technology

Preferred:

  • Current information security certification, including Certified Information Security Manager (CISM), Certified Risk and
  • Information Systems Control (CRISC) or Certified Information Systems Security Professional (CISSP)
  • Technical leadership experience in a sourced environment
  • Project management skills
  • Excellent communication skills and problem solving ability
  • Demonstrated ability to work independently and with others
  • Ability to manage the details and compliance with standards and expectations
  • Technical infrastructure operations, administration, or engineering background

CORE WORK ACTIVITIES

  • Provides technical leadership to the information vulnerability management process, including developing and managing
  • the remediation program
  • Identify and draft mitigation guidance for vulnerabilities with no vendorprovided remediation
  • Establish communications with vendors for the release of newly identified vulnerabilities to ensure they understand
  • specialized and proprietary asset requirements
  • Analyze publicly disclosed vulnerabilities of vendor software/hardware products and develop the mitigation/remediation orders
  • Compile daily, weekly, monthly and annual vulnerability metrics associated with affected and non-compliant assets
  • Utilize tracking tools/capabilities in a vulnerability management system to review manually uploaded and automated
  • information to report vulnerability mitigation and remediation progress
  • Identify, analyze, and develop mitigation or remediation actions for system and network vulnerabilities
  • Assist with the prioritization of newly identified software/hardware vulnerabilities based upon severity, potential
  • operational impact, exploitation, and other factors to assess risk to Marriott assets
  • Conduct open source research to identify and analyze known and unknown vulnerabilities
  • Analyze known issues with vendor provided fixes and contact the appropriate vendor for a defined and attainable
  • solution
  • Perform planned and ad-hoc infrastructure vulnerability scanning, determine remediation options and track remediation to
  • completion.
  • Evaluate and test hardware, firmware and software for possible impact on system security, and the investigation and
  • resolution of security risk and incidents. Assist with vulnerability exceptions.
  • Initiate and evaluate vulnerability scans for operational readiness and validate if vulnerabilities are false positives based
  • on the Operating system and/or and application configuration.
  • Assess, maintain, and distribute security patch deployment ratings for Microsoft, Linux, Unix, and HPUX patch releases.
  • Work proactively with IT Infrastructure partners with respect to strategic and tactical plans for information security
  • Work proactively with IT Infrastructure partners regarding major system changes to ensure information security standards
  • are addressed early in a project’s life and incorporated into the resulting program
  • Provides technical leadership, oversight, standardization and validation of the effectiveness of the security systems
  • Performs risk assessments using the Factor Analysis of Information Risk methodology
  • Provides guidance and educates the organization in risk management principles and practices
  • Communicates with Subject Matter Experts to determine expected impact and likelihood of loss events
  • Maintain organizational Risk Register
  • Participates in the evaluation and selection of security and risk management services products
  • Supports governance based on best practices and ensures proper alignment to projects and major initiatives
  • Leads analysis of the current environment to detect critical deficiencies and recommends solutions for improvement
  • Leads analysis of technology industry and market trends to determine their potential impact on the infrastructure
  • architecture
  • Promotes the benefits of security services to the organization and educates all on security concepts

Technical Leadership

  • Trains and/or mentors other team members, and peers as appropriate
  • Provides financial input on department or project budgets, capital expenditures or other cost/resource estimates as
  • requested
  • Identifies opportunities to enhance existing processes

IT Governance

  • Follows all defined IT standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for
  • improvements to the appropriate process owners as needed
  • Maintains a proper balance between business and operational risk
  • Follows the defined project management standards and processes

Interested candidates may email directly to joyce.lim@kaskal-executive.com

Joyce Lim

Reg No.R1109191

EA License: 15C7408