System Security Engineer

Provide security expertise and management services to support Authority in activities such as:

• Internal/external audits (IM8, Cybersecurity, etc)

• Policies compliance (IM8, Cybersecurity, etc), work with vendor on:

- Vulnerability management compliance reports and patch reports

- Filing of documents and Security Scorecard for audit purpose, to produce it as required

- Monthly logs review. e.g., privilege user activities

- Vulnerability/ Compliance Assessments

- Penetration Tests and Source Code Reviews

• Disaster Recovery (DR) and Business Continuity Planning (BCP):

- All relevant activities related to the DR and BCP planning

- Checks on system backup completion by vendor and datacentre

- Document update and implementations.

• ICT/Threat Risk Assessments (TRA)

• Monthly reviews of privileged accounts and non-privileged account, disable inactive accounts

• Seek security waivers (IM8, Cybersecurity Act, Circulars etc)

• Circulate security notifications/alerts to vendors and ensure status updates too all stakeholders including cybersecurity centre

• Security monitoring/tracking:

- Monitor alerts from SOC

- Update stakeholders regarding SOC alerts

- Review compliance reports with vendors to ensure that system is compliant

- Manage, track and update any security incidents/ issues to all stakeholders

- Review Incident Report (if any)

• Patching:

- Ensure patches are tested and verified before seeking approval for patching downtime

- Communicate system downtime to all stakeholders

- Ensure system availability after patching is completed

• Obsolescence management for software licenses, hardware, operating systems and certificates

• Security enhancement/integration

• Support the submission of security clearance for related vendors

• Perform other related duties as assigned or requested

Requirements

• Diploma or Bachelor’s Degree in Cybersecurity/InfoSec/Information Technology/Information Systems/Business IT or its equivalent

• Relevant professional certifications, such as CISSP, CISM, CEH, or other security certifications

• Minimally 1-2 years of experience in cybersecurity and supporting mission critical systems with very stringent SLA e.g. 99.9%

• Well-versed in cybersecurity best practices and establishing of its policies

• Well-versed in IT Service Management (ITSM) standards, processes, guidelines and best practices

• Able to cope in a highly pressured fast-paced environment

• Prior working experience in cyber security and vulnerability management is preferred

• Strong knowledge of security principles, best practices, and industry standards, such as NIST, ISO 27001, and CIS Critical Security Controls

• Able to understand security posture of systems

• Prior working experience in Project Management is a plus point

• Able to understand the system and software architecture, and user operations environment

• Willingness to pick up any new technologies