Job Description
Job purpose
- Ensure all IT Security & Governance deliver services above the agreed SLA.
- Ensure all IT Security & Governance projects are delivered as per requirements and within cost and time.
- Ensure IT Security & Governance expenses are within the budget, or acceptable variance.
- Ensure IT Security & Governance team is equipped and motivated to deliver their tasks.
Major accountabilities
Lead and manage day to day activities and development of IT security and governance team and working as subject matter expert in area of IT Security & Governance to provide high level consultation and guidance for IT team and / or business users.Develop and maintain local IT security related operating guidelines based on corporate policies and standards.Define and implement accurate control, documentation and regular revalidation processes for all system access rights provisioning and software licenses usage.Manage project coordination and reporting as assigned as part of project Security Review processWork closely with IT Security team in regional and corporate for alignment of required Security Advisory activities, projects, and reporting.Formulate action plan, tracking, reporting and timely resolution of all relevant incidents / problems / audit findings.Lead the coordination and work closely with other IT team stakeholder to support External and Internal Audit related to IT General Control Audit (ITGC), ISO 27001 and Bussines Internal Audit, specifically in relation to Information Security area.Specialized knowledge
Understanding of Life Insurance Business Processes.
Overall understanding of IT Security & Governance that covers :
IT Architecture Security reviewExpert knowledge and experience in IT Security & Governance related processes and implementations.Good knowledge and experience in IT Security Framework and controls : NIST, ISO 27001, COBIT, SOC2, PCI DSS, GDPR, CIS Controls.Good knowledge and experience in various IT technologies such as Windows, Unix, Computer networking, Firewall, antivirus, encryption tools, web filtering, sniffer, pen-test and other related security supporting tools / systems.Portfolio / Program & Project Management
Security Incident & Problem management
Soft Skills
Good communicationProblem solving abilityNegotiation / conflict resolution abilityStrong LeadershipProblem solving
Varied to Complex depending on the situation.
IT Security & Governance : Predominantly Varied to ComplexIT Security Projects : Predominantly Varied to ComplexEducation and experience
Degree in Computer Engineering / Computer Science.At least 5 years of experience in IT, with minimum of 3 years in IT Security and / or team leading experience. Preferably in financial sector.Certification in CEH, CHFI, ECIH, CISM, CISSP, and ITIL, Six Sigma or other relevant industry standard is preferable.Communication scope
Internal
Business users, IT Management and other department leader. IT Application and Production Support team. Corporate, Regional and Enterprise Services Security Team Internal Audit
External
Security and technology Interest Group, External Audit, Vendors , Regulatory body in relat to Cyber Security response, BSSN, etc.
Management scope
Total number of direct reports : 1
Metrics (if applicable)
Other metrics (specify) : Business SLA
Desktop Security Incident ResponseIT Infrastructure Security Incident Response (Server, Network)Quarterly Internal and External ScanVulnerability Management Report KRI (Critical, High, Medium, Low) – Open VIT past target, in progress and in-flightPenetration testing finding (Critical, High, Medium, Low) - Open Findings past target, in progress and in-flightRisk KRI from ISRA – Open Risk from ISRASecurity Access ProvisioningSecurity Dashboard and KRIMalware, DAT compliance, Unauthorized software, Email filters, USB port lockdown, network intrusion, Penetration tests and ISATTravel required (express as % of working time) : N / A
Job Category :
IT - Technology Services
Posting End Date : 29 / 09 / 2025
