Information Security Expert/specialist

Hi-Tech & IT

**RESPONSIBILITIES**:

- Planning/studying/designing and implementing clould strategy/solution/architect on multi cloud
- Analyze/Developing prerequisites for cloud
- Practice with modern DevSecOps with automation (nice to have) Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python)
- Researching and implementing the updated security standards, systems, and best practices
- Detect and handle risks for IT systems, improve and maintain compliance
- Performing vulnerability assessment, security testing, and risk analysis
- Improving security standards & quality IT security services & reports
- Control and promote the implementation develop of IT security
- Test and evaluate new security solution/new security technology

**MAJOR ACTIVITIES**
- **Cloud Cybersecurity risk and compliance framework and management**:

- Accountable for development of the Cloud Security Design framework for new technology solutions
- Responsible for embedding best practice security through evaluation of suppliers
- Responsible for establishing security requirements needed to provide services securely
- Ensure compliance to current standards ISO27001, 27017-27018, PCI-DSS
- Defining requirements for risk and security and ensuring they are achieved
- Drive cyber security strategy compliance
- Align activities to current BAU audit activities from legacy business to ensure consistency in approach
- Manage and liaise with regulators
- Identify, highlight and remediate information security risk in the Bank

**2. Policy, Standards and Processes**
- Planning, studying and then designing a resistant security architecture for various IT/IT Security projects (clould/onpremise)
- Test and evaluate new security solution/new security technology
- Make sure that all workers follow the necessary corporate security policies and procedures that are defined, developed, implemented, and maintained for a seamless workflow.
- Create standards for all IT assets, such as routers, firewalls, LANs, WANs, VPNs, and other network devices... You have to determine their efficacy and efficiency.
- Comply with the Bank’s Information Security Policy, Regulations, Standards, and Process
- Provide feedback to enhance the current policies, regulations, standards and processes where necessary
- Communicate and ensure all staff understands and comply with the Information Security Policy, Regulations, Standards and Processes

**3. Operations, Reporting and Administration**
- Ensure that the Information Security Strategy and Plans are implemented as planned.
- Ensure that Information Security process are followed diligently. This may include Risks Management, Operating Security Services/Tools to support the Information Security Program of the Bank.
- Control approve the request/changes related to security, control activities of IT security: implementing, operating, vulnerabilities management
- Contribute to the IT Security Dash Board for Management
- Work with both internal/external audit during audit programs
- Training IT security awareness
- Collect, analyze and produce report for IT Security every month

**4. Area of Information Security Specialization**
- Provide the appropriate guidance and advisory in the area of specialization
- Be able to contribute to the Bank in terms of documentation, transfer of ideas and implementing the plans in the area of specialization

**REQUIREMENTS**:
**Educational Qualifications**
- Bachelor's or Technical Degree Required (IT, Cryptography, computer science, information systems, business administration or other industry-related curriculum)

**Relevant Knowledge/ Expertise**
- Have at least a minimum of 5 years of experience in the area of specialization
- Have a good knowledge international IT security standards (ISO 270001, PCI-DSS, ), ITIL
- Work experience with one or more cloud service providers
- Deep understanding of cloud service architecture with emphasis on security in the cloud
- Solid understanding of modern information security methodologies and standards, especially in cloud environment
- Cloud/Security certification desired
- Knowledge and experience supporting IAM, security operations and threat response
- Practice with modern DevSecOps with automation (nice to have)Ability to automate repetitive tasks (scripting skills in Bash/PowerShell/ Python)
- Expert with architect, security technology, integration
- Have good knowledge with pen test with OWSAP Standard and ability discovery & exploit vulnerabilities, cyber attack
- Good knownleged some tools for hacking: VA, APPScan, Metaexploit, kalilinux
- Experienced in implementing ISO27000/PCI-DSS is preferred
- Have good knowledge with secure coding with some languages: Python, Shell, PHP and have good knowledge with encryption, cryptography techniques

**Skills**
- Have ability to read and understand the professional documents in English.
- Strong interpersonal and communication skill
- Be able to catch up and manage works quickl