Permanent Senior Information Security Analyst
My client, a large enterprise organisation, is currently searching for a Senior Information Security Analyst to enhance and protect the reputation of the operational resiliency of the organisation. You will be expected to protect the company’s information, information systems and network infrastructure; establish IS and Data Privacy governance, policies, standards and guidelines; and identify IS threats and vulnerabilities and effectively manage the risks.
Your Responsibilities –
- Perform information security risk assessment and technical advisory in assigned project areas to ensure that all identified information security risks are mitigated and requisite information security controls are implemented.
- Analyse and quantify potential effect and consequences on overall business and operations of the information security risks identified in the information security risk identification process
- Evaluate qualitative information security risks and assess potential business impact should adverse incidents occur
- Prioritise information security risks based on overall business impact
- Recommend information security risk mitigation actions to address risks
- Conduct cost-benefit analysis to build business case
- Document and formalise information security risk assessment results
- Review information security risk assessment regularly.
- Produce codes of practices and assist in the development and implementation of standards and guidelines in new technologies and new security practices, particularly in the area of SIEM and security data analytics and visualisation.
- Review organisational security architecture, standards and procedures
- Develop information security standards and operational procedures.
- Develop and provide advisory on IT operational procedures to ensure compliance with enterprise information security architecture and standards, particularly in the area of IS risk and incident management.
- Identify and define scope of IT operational procedures
- Formalise or participate in a working group for information gathering
- Maintain existing security policies, standards, procedures and technical documentation
- Draft and document operational procedures, taking into consideration project members’ inputs, the existing security framework and technical documentation
- Propose the drafted IT operational procedures for project management endorsement
- Formalise proposed operational procedures by obtaining management endorsement
- Perform regular review, solicit feedback from working group to fine-tune formalised operational procedures.
- Review business information security risk management processes within the project scope.
- Ensure effective communication with and management of project stakeholders and team members
- Advise management and team members effectively, and manage third parties to ensure successful project execution.
- Graduate qualifications in computer science or engineering.
- More than ten years of experience in the IT industry, with more than half of them in information security operations
- Deep knowledge of SIEM technologies and Security Operations Centre (SOC) operations
- A track record of delivery over at least five years as a team leader
- Good understanding of data analytics and visualisation
- Demonstrate a practical awareness of commercial and contractual issues.
- Ability to communicate at all levels within the organisation
- English proficiency (written and spoken)