Senior IT Security Systems Engineer in MY – J-1712

JOB DESCRIPTION:
_

About the role

As an IT Security Systems Engineer you will be responsible for planning and implementing security measures to protect client’s data on computer systems, networks and cloud environments according to the information security policies and framework that aligns with the business requirements.

Your role will work closely with client’s Technical Delivery Manager & Information Security and Risk manager in ensuring operational effectiveness of controls in order to maintain the Information Security Management System and to ensure that client is effectively delivering against required information security standards and regulatory requirements.

You will assist with establishing and maintaining an effective continuous threat and vulnerability monitoring program, dealing with incident detection, analysis and remediation. The IT Security systems engineer will have an operational and technical security focus to deliver cyber-security initiatives. You will provide guidance to the security requirements for technical proposals and specification documents.

You will assist the various teams in Technology to implement security measures and controls and guide them on ensuring the effective management of these controls to continuously improve our security posture, but also continue to maintain the required balance to allow our business users to operate adequately.

Position environment

Our client is committed to achieving a high level of service to its members / policy holders and focuses on the pro-active management of policies and claims.  It operates in a highly regulated environment with a large share of its financial success dependent upon achieving measures set by regulators.  This position operates in an outcome driven environment. This position may involve international travel.

Key results areas and accountabilities

  • Information Security Risk Management
    • Manage a wide variety of security solutions to assist in protecting the organisations data.
    • Proactively identify risk in the Technology department and report this to the risk manager
    • Undertake risk assessments and provide recommendations to manage key risks
    • Participate in assisting the Information Security & Risk manager in managing technology risk including driving the completion of risk remediation actions
    • Manage the implementation and adherence to security controls within Technology as part of client’s Internal Control Framework & ISO requirements
    • Maintain currency and applicability of subject matter knowledge relating to all aspects of information security (e.g. emerging threats; legislation; statutory changes)
    • Maintain relationships with external bodies on information security issues where appropriate
    • Performance review
    • Ad hoc control; compliance; internal/external audits and reviews
  • Information Security Governance
    • Work with internal stakeholders on assurance program to ensure that internal compliance standards are applied, and adhered to
    • Participate in addressing findings from internal and external audits
    • Identify and report on internal and external factors affecting client’s information security (e.g. emerging technology; business environment)
    • Performance review
    • Feedback from peers
    • Feedback from stakeholders
  • Internal / External audit stakeholder management
    • Represent Technology as the technical SME for both internal and external auditors (e.g. such as those appointed by regulators, financial auditors etc) and manage any preparation activities
    • Assist the Technical Delivery Manager & Information Security Manager with managing audit findings and work with relevant teams across Technology to close out findings
    • Stakeholder feedback
    • Ad hoc control; compliance; internal and external audits and reviews
  • Cyber & Information Security Program
    • Participate and support the Information Security Manager in driving the integration of information security requirements into required processes and agreements to ensure client data and claims information entrusted to client is secured
    • Test and report on the effectiveness of information security controls
    • Provide guidance and advice on information security matters
    • Work closely with teams in the Technology department, service providers and partners to implement effective security measures to protect client’s data & claims information entrusted to client
    • Performance review
    • Stakeholder feedback
  • Security Incident Management & Response
    • Participate in the management and response to any disruption or failures in client’s information processing systems due to security related events.
    • Participate in the resolution of security incidents, where appropriate
    • Review identified security breaches to ensure that client’s assets and information are appropriately secured.
    • Train and support technology team members to respond to information security incidents.
    • Conduct root cause assessments in response to incidents and/or identification of non-conformities in order to identify correct causality and the corrective actions required
    • Performance review
    • Stakeholder feedback
  • Other accountabilities
    • Mentor and assist other team members in improving their security skills and knowledge to support the organisations security solutions.
    • Contribute to the overall planning of security related activities within Technology
    • Undertake ad-hoc governance projects as required
    • Completing ad-hoc requests from management relating to security or forming part of client’s security position
    • Other duties as requested
    • Feedback from Manager

Skills

  • Demonstrated understanding of information security challenges faced by a large Australian financial institution, in a highly regulated environment
  • Demonstrated analytical skills and the ability to apply these skills to problems, and solve complex issues
  • Ability to liaise effectively with a wide range of stakeholders (including exec management & board members)
  • Demonstrated ability to organise and prioritise workloads whilst undertaking a wide range of tasks
  • Experience evaluating compliance to policy, standards and procedures
  • Demonstrated ability to produce and present reports and meaningful information to senior management and executive level
  • Ability to understand business context, identify issues and analyse and correlate information
  • Excellent oral and written communication skills
  • Strong technical knowledge in IT security principles
  • A positive, results driven attitude.

Experience

  • Minimum 8 years’ experience of information security management within a large financial highly regulated industry
  • Experiencing in managing and implementing a wide range of technical solutions
  • Experience performing technical vulnerability assessments & remediation activities
  • Experience working with intrusion & malware detection/protection solutions
  • Solid experience administering operating systems, including Windows server, Linux and desktops
  • Deep understanding of network protocols, network security & system security
  • Experience with Microsoft cloud solutions (O365, Azure)
  • Proficient in one or more scripting languages to implement automation initiatives
  • Experience working in an operational capacity i.e. not in an oversight capacity, must have hands-on experience
  • Experience working with international standards such as NIST, ISO etc
  • Experience in implementing and managing security controls based on the ISO27001 standard
  • Experience with implementing and demonstrating compliance with regulatory requirements
  • Stakeholder management at different levels across the organisation
  • Preparing papers for senior management

Competencies

  • Planning & Organizing – Plan and priorities programs, task and activities to ensure timely completion of deliverables.
  • Business Acumen– Using economic, financial, market, and industry data to understand and improve business results; using one’s understanding of major business functions, industry trends, and own organization’s position to contribute to effective business strategies and operational effectiveness.
  • Communication – Clearly convey information and ideas through a variety of mediums to individuals or groups in a manner that engages the audience.
  • Build Working Relationships – Developing and using collaborative relationships to facilitate the accomplishment of deliverables.
  • Decision Making– Identifying and understanding issues, problems, and opportunities; comparing data from different sources to draw conclusions; using effective approaches for choosing a course of action or developing appropriate solutions; taking action that is consistent with available facts, constraints, and probable consequences.
  • Driving for Results – Setting high goals for personal and group accomplishment; using measurement methods to monitor progress toward goals; tenaciously working to meet or exceed goals while deriving satisfaction from that achievement and continuously improve.
  • Customer Focus – Ensuring that the customer perspective is a driving force behind business decisions and activities; crafting and implementing service practices that meet customers’ and own organization’s needs.

Qualifications

  • Certified Information Systems Security Professional (CISSP) or relevant security certification
  • A degree or post graduate qualification in computer science, business or relevant field
  • Knowledge of relevant requirements and standards such as ISO27001:2013, NIST, etc
  • Knowledge of ITIL and AGILE methodology will be highly regarded