Lead IT Security Engineer - Security Governance & Assurance

Key Responsibilities

• Take ownership of cybersecurity programs including cyber security policies, regulatory audits, compliance management, metrics, risk and performance indicators, senior management reporting
• Track and monitor new security regulatory guidelines, assess the compliance of and impact to the organization's security policy architecture, and develop, review and update information security policies and standards to comply with the regulatory requirements as required
• Manage and liaise with both internal and external IT security audits of which the scope includes security risk assessment review, penetration testing and compliance audits
• To support business initiatives by ensuring relevant security controls are in place for products and services delivered by the organization, including third parties.

Requirements

•    Degree in Computer Science, Engineering or any other related disciplines with at least 8 years of progressive experience in Information security, including experience in security policy development, risk assessment, compliance implementation & monitoring and governance.

•    Good working knowledge of enterprise security risk management methods and techniques to successfully deliver the security risk management and assessment outcome. 

•    Prior experience in implementing a program which includes the collation, management and reporting of security metrics (KRI) such as vulnerability management, open software security vulnerabilities, penetration testing findings, security alerts and incidents

•    Experienced in information security frameworks including ISO27000, NIST800-53 and regulations such as Cybersecurity Act, Technology Risk Management Guidelines and Personal Data Protection Act.

•    Good project management skills: ability to handle multiple projects simultaneously, reprioritize as needed

•    Ability to work in a team environment and work independently with minimal supervision and produce results that meet standards of quality, timeliness and acceptability

•    Willingness to deep-dive and learn about the Information Security function within the payments domain