Responsibilities:
- Conduct vulnerability assessments and risk analysis across systems, networks, and applications.
- Identify and assess potential security threats to company data and systems, and implement measures for mitigation.
- Design and implement security policies, standards, and procedures tailored to client environments.
- Ensure alignment with regulatory frameworks (e.g., ISO 27001, NIST, GDPR, PDPA) and assist clients in achieving compliance.
- Advise on incident handling, forensic investigations, and recovery strategies as part of incident response support.
- Evaluate and recommend improvements to existing security infrastructure and architecture.
- Deliver workshops and training sessions to improve client staff's cybersecurity awareness.
- Prepare detailed reports on findings, recommendations, and remediation plans during security incidents.
Required Skills & Qualifications:
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum of 3 years of experience in IT infrastructure security or security operations.
- Proficiency with tools like SIEM, EDR, IDS/IPS, vulnerability scanners, and endpoint detection platforms.
- Project management and stakeholder engagement skills.
- Strong knowledge of security frameworks and technologies.
- Certifications such as CISSP, CISA, OSCP, CEH, or ISO 27001 Lead Implementer are preferred.
- Excellent communication and presentation abilities for both technical and non-technical audiences.