Description
Areas of Responsibility
MAJOR ACTIVITIES
1. Provide expertise in vulnerability management processes and network vulnerability scanning to reduce potential impact on business
2. Configure network scans, schedule network scans to run with bandwidth use in mind, and ensure accurate vulnerability assessment
3. Monitor all aggregated security vulnerability data to provide opinion on the security posture of the estate
4. Facilitate approval of business operation change requests and administration/policy configuration of all Infrastructure tool sets
5. Review and manage Security Events or policies, investigating incidents and managing them through the life cycle up to remediation/resolution and lesson learnt phase
6. Helping develop/modify the current security/vulnerabilities support service model, identify actions and work plan according to the security gap remediation program
7. Coordinate security and patching works among infrastructure teams in the APAC region and consolidate monthly report to keep track of progress
8. Work alongside Cybersecurity SMEs to interpret metrics, enable their collection and visualisation
9. Analysing scan report results, drawing up conclusions and gaining agreement with teams and carry out remediate actions according to deadlines
10. Documenting the as-is and to-be processes and procedures and prepare to file exceptions on case by case basis according to the guidelines
11. Monitoring and reporting progress of agreed work packages, socialising any concerns or gaps that will impact ability to deliver
Areas of Accountability
1. Produce/present regular Security reports, dashboard and summary of current status
2. Reduction in the total vulnerabilities' items and security backlogs
3. Help driving the implementation of security tools and agents
Selection criteria
1. Solid experience on Infrastructure Security/Vulnerability management role in corporate environments
2. Experience to use security tools, manage, consolidate and comprehend vulnerabilities reports eg Sentential One, Brinqa, Tenable, Qualys, Alertlogic
3. Familiar with security remediation processes, diagnose and resolve security risk items with internal teams such as patching and troubleshooting
4. Preferably experience in media industry across media supply chain operational environments
5. Excellent IT skills (Windows and Linux) and preferably exposure to Scripting (eg Ansible, Python)
6. Experience with collaboration solutions such as SharePoint, Microsoft Teams, Slack, OneDrive etc.
7. Experience of defining/enforcing security remediation operational arrangements eg change process, support Matrix and workflow
8. Presenting recommendations to different stakeholders and gaining sign-off by addressing queries from different stakeholders
9. Critical thinker and ability to work well under pressure with tight deadline
10. Good verbal and written communication skills, with ability to communicate technical concepts to non-technical audiences