Description
Duties and Accountabilities:
- Support the Policy and Compliance teams efforts in developing and maintaining information security standards baseline for applicable technologies and information systems within the Group.
- Review and update existing Group information security standards, develop new baseline standards where applicable, including but not limited to UNIX security standards, Windows security standards, Database security standards, Infrastructure security standards, Mobile device standards and Web security standards by liaising with the Operations Team and respective IT and business units within the Group.
- Ensure that the revised information security standards are aligned to information security policies, business requirements, information technology strategy, legal/regulatory requirements and leading industry standard frameworks such as ISO 27001 and NIST.
Selection Criteria:
- Bachelors Degree in Computer Science, Information Systems or other related field or equivalent work experience and a minimum of 5-7 years experience working in an information security. information technology or information risk management related field.
- Demonstrated experience in developing technical information security standards in various technologies across the operating system, network, database and application layers.
- Demonstrated knowledge of security controls for network, database, application and operating systems.
- Familiarity and understanding of broad range of IT hardware and software products.
- Knowledge and work experience of software development and maintenance process.
- Thorough understanding of best practice and industry standards including, but not limited to NIST and CIS.
- Good knowledge and demonstrated work experience of the use of ISO 27001 control framework.
- Familiarity with industry standards, laws and regulations, including but not limited to ISO 27001, ISO 20000, and SOX.
- Possession of industry certifications highly preferred including, but not limited to Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Information Systems Security Management Professional (ISSMP), ISO 27001 Lead Auditor.
- Possess excellent written and verbal communication skills, and be able to interact well with peers and internal customers.