Manager, IT Security, Technology Management VN

Key Responsibilities * 

• Develop a complete understanding of a company’s technology and information systems • Design, build, implement and support enterprise-class security systems • Align organizational security strategy and infrastructure with overall business and technology strategy • Identify and communicate current and emerging security threats • Design security architecture elements to mitigate threats as they emerge • Plan, research and design robust security architectures for any IT project • Perform or supervise vulnerability testing, risk analyses and security assessments • Create solutions that balance business requirements with information and cybersecurity requirements • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements• Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers. • Test security systems to ensure they behave as expected. • Use current programming language and technologies to writes code, complete programming and performs testing and debugging of applications. • Provide supervision and guidance to a security team. • Define, implement and maintain corporate security policies and procedures. • Train users in implementation or conversion of systems. • Respond immediately to security-related incidents and provide thorough remedial solutions and analysis. • Regularly communicate vital information, security needs and priorities to upper management. • Work as part of a team of software and security engineers, with a high degree of freedomto design and build best-in-class offerings. • Point of contact for product teams as it relates to automation, CI/CD, and DevOps and/or DevSecOps. • Build tools and automation scripts that enable developers to easily consume security services delivered by the AppSec team. • Design and test solutions to unique and interesting challenges. • Investigate security breaches and other cyber security incidents. • Document security breaches and assess the damage they cause. • Recommend remediation for security breaches. • To identify and eliminate manual processes using automation for areas involving information security. • Seeking to build in security during the development stages of software systems, networks and data centres. • Looking for vulnerabilities and risks in hardware and software. • Finding the best way to secure the IT Infrastructure of an organization. • Building firewalls into network infrastructures. • Constantly monitoring for attacks and intrusions. • When the cybersecurity specialist finds a potential threat or attempted breach, closing off the security vulnerability. • Identifying the perpetrator and liasing with the police if necessary.

 

Requirements:

University degree in fields of Computer Science; Information System Engineer, Management Information System or equivalent required.

CCSP, Security+, CKS (Certified Kubernetes Security), ITIL. • Recognised certifications for industry accpeted IT governance standards such as ITIL is an advantage

Minimum 5 years working in IT fields with at least 3 yearfrom Information Security.

Technical/Functional skills • Experience with infrastructure vulnerability and penetration testing and techniques• Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts. • Ability to identify and mitigate network vulnerabilities and explain how to avoid them. • Understanding of patch management for servers and end units with knowledge of how patches are deployed and understanding the business impact • Risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies and security attack pathologies • Security Configuration of Windows, Linux, DBMS (MS SQL/MySQL). • Good technical understanding of enterprise IT; web applications, databases, operating systems, server/desktop hardware, mobile devices and networking technologies. • Good knowledge of information security controls, guidelines and standards, ISO, NIST, OWASP • Familiar with regulatory guidelines such as SBV’s Circular 09, Circular 20

Personal skills (Soft Competencies [Core/Leadership]) • Ability to multitask, proactive, build relationships and interact/network effectively with internal and external parties. • Problem solving skills • Flexible and team work

With operations that span 15 different markets across the region, the opportunity to expand your experience, test your capabilities, and exhibit your resilience is ample.  #teamCIMB  is always keen to welcome the ones who are ready to make that very special difference – for themselves and the bank.