Senior System Engineer Security in MY

JOB DESCRIPTION:
As an IT Security Systems Engineer, you will be responsible for planning and implementing security measures to protect the client’s data on computer systems, networks and cloud environments, in line with the information security policies and framework that align with the business requirements. You will work closely with the client’s Technical Delivery Manager and Information Security and Risk Manager to ensure the operational effectiveness of controls, to maintain the Information Security Management System, and to ensure that the client is effectively delivering against required information security standards and regulatory requirements.

Responsibilities:

  • Manage a wide variety of security solutions to assist in protecting the organisation’s data.
  • Proactively identify risk in the Technology department and report this to the risk manager
  • Undertake risk assessments and provide recommendations to manage key risks
  • Participate in assisting the Information Security & Risk manager in managing technology risk including driving the completion of risk remediation actions
  • Manage the implementation and adherence to security controls within Technology as part of client’s Internal Control Framework & ISO requirements
  • Maintain currency and applicability of subject matter knowledge relating to all aspects of information security (e.g. emerging threats; legislation; statutory changes)
  • Maintain relationships with external bodies on information security issues where appropriate
  • Conduct risk assessment of third-party service providers
  • Work with internal stakeholders on assurance program to ensure that internal compliance standards are applied, and adhered to
  • Participate in addressing findings from internal and external audits
  • Identify and report on internal and external factors affecting client’s information security (e.g. emerging technology; business environment)
  • Represent Technology as the technical SME for both internal and external auditors (e.g. those appointed by regulators, financial auditors, etc.) and manage any preparation activities
  • Assist the Technical Delivery Manager & Information Security Manager with managing audit findings and work with relevant teams across Technology to close out findings
  • Participate in and support the Information Security Manager in driving the integration of information security requirements into required processes and agreements to ensure client data and claims information entrusted to client is secured
  • Test and report on the effectiveness of information security controls
  • Provide guidance and advice on information security matters
  • Work closely with teams in the Technology department, service providers and partners to implement effective security measures to protect client’s data & claims information entrusted to client
  • Participate in the management and response to any disruption or failures in client’s information processing systems due to security related events.
  • Participate in the resolution of security incidents, where appropriate
  • Review identified security breaches to ensure that client’s assets and information are appropriately secured.
  • Train and support technology team members to respond to information security incidents.
  • Conduct root cause assessments in response to incidents and/or identification of non-conformities in order to identify correct causality and the corrective actions required
  • Mentor and assist other team members in improving their security skills and knowledge to support the organization’s security solutions.
  • Contribute to the overall planning of security related activities within Technology
  • Undertake ad-hoc governance projects as required
  • Complete ad-hoc requests from management relating to security or forming part of client’s security position

Qualifications:

  • Minimum 8 years’ experience of information security management within a large, highly regulated financial industry
  • Experience in managing and implementing a wide range of technical solutions
  • Experience performing technical vulnerability assessments & remediation activities
  • Experience working with intrusion & malware detection/protection solutions
  • Solid experience administering operating systems, including Windows server, Linux and desktops
  • Deep understanding of network protocols, network security & system security
  • Experience with Microsoft cloud solutions (O365, Azure)
  • Proficient in one or more scripting languages to implement automation initiatives
  • Experience working in an operational capacity, i.e. not in an oversight capacity; must have hands-on experience
  • Experience working with international standards such as NIST, ISO etc.
  • Experience in implementing and managing security controls based on the ISO27001 standard
  • Experience with implementing and demonstrating compliance with regulatory requirements
  • Stakeholder management at different levels across the organization
  • Demonstrated understanding of information security challenges faced by a large Australian financial institution, in a highly regulated environment
  • Demonstrated analytical skills and the ability to apply these skills to problems, and solve complex issues
  • Ability to liaise effectively with a wide range of stakeholders (including exec management & board members)
  • Demonstrated ability to organise and prioritise workloads whilst undertaking a wide range of tasks
  • Experience evaluating compliance to policy, standards and procedures
  • Demonstrated ability to produce and present reports and meaningful information to senior management and executive level
  • Ability to understand business context, identify issues and analyse and correlate information
  • Excellent oral and written communication skills
  • Strong technical knowledge in IT security principles
  • A positive, results driven attitude.
  • Working hours: Mon-Fri, AU Business Hours