IT Security Manager

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Job purpose

• Ensure all IT Security & Governance deliver services above the agreed SLA.
• Ensure all IT Security & Governance projects are delivered as per requirements and within cost and time.
• Ensure IT Security & Governance expenses are within the budget, or acceptable variance.
• Ensure IT Security & Governance team is equipped and motivated to deliver their tasks.

Major accountabilities

• Lead and manage day to day activities and development of IT security and governance team and working as subject matter expert in area of IT Security & Governance to provide high level consultation and guidance for IT team and/or business users.
• Develop and maintain local IT security related operating guidelines based on corporate policies and standards.
• Define and implement accurate control, documentation and regular revalidation processes for all system access rights provisioning and software licenses usage.
• Manage project coordination and reporting as assigned as part of project Security Review process
• Work closely with IT Security team in regional and corporate for alignment of required Security Advisory activities, projects, and reporting.
• Formulate action plan, tracking, reporting and timely resolution of all relevant incidents / problems / audit findings.
• Lead the coordination and work closely with other IT team stakeholder to support External and Internal Audit related to IT General Control Audit (ITGC), ISO 27001 and Bussines Internal Audit, specifically in relation  to Information Security area.

Specialized knowledge

Understanding of Life Insurance Business Processes.

Overall understanding of IT Security & Governance that covers:

• IT Architecture Security review
• Expert knowledge and experience in IT Security & Governance related processes and implementations.
• Good knowledge and experience in IT Security Framework and controls : NIST, ISO 27001, COBIT, SOC2, PCI DSS, GDPR, CIS Controls.
• Good knowledge and experience in various IT technologies such as Windows, Unix, Computer networking, Firewall, antivirus, encryption tools, web filtering, sniffer, pen-test and other related security supporting tools / systems.

Portfolio / Program & Project Management

Security Incident & Problem management

Soft Skills

• Good communication
• Problem solving ability
• Negotiation/conflict resolution ability
• Strong Leadership

Problem solving

Varied to Complex depending on the situation.             

• IT Security & Governance: Predominantly Varied to Complex
• IT Security Projects: Predominantly Varied to Complex

Education and experience

• Degree in Computer Engineering / Computer Science.
• At least 5 years of experience in IT, with minimum of 3 years in IT Security and / or team leading experience. Preferably in financial sector.
• Certification in CEH, CHFI, ECIH, CISM, CISSP, and ITIL, Six Sigma or other relevant industry standard is preferable.

Communication scope

Internal

Business users, IT Management and other department leader. IT Application and Production Support team. Corporate, Regional and Enterprise Services Security Team Internal Audit

External

Security and technology Interest Group, External Audit, Vendors , Regulatory body in relat to Cyber Security response, BSSN, etc.

Management scope

Total number of direct reports:  1

Metrics (if applicable)

Other metrics (specify):  Business SLA

• Desktop Security Incident Response
• IT Infrastructure Security Incident Response (Server, Network)
• Quarterly Internal and External Scan
• Vulnerability Management Report KRI (Critical, High, Medium, Low) – Open VIT past target, in progress and in-flight
• Penetration testing finding (Critical, High, Medium, Low) -  Open Findings past target, in progress and in-flight
• Risk KRI from ISRA – Open Risk from ISRA
• Security Access Provisioning
• Security Dashboard and KRI
• Malware, DAT compliance, Unauthorized software, Email filters, USB port lockdown, network intrusion, Penetration tests and ISAT

Travel required (express as % of working time):  N/A

Job Category:

Posting End Date: