Maintain and publish information security policies, procedures, standards and guidelines based on knowledge of best practices and compliance requirements
Generate and follow-up on baseline scan and hardening compliance checks
Handle security incidents and alerts from GCSOC, GICS and security devices
Compile and review access rights report
Perform regular user and infrastructure account/logins reviews
Handle and assess reported phishing emails
Manage and track security advisories from GITSIR and Principals
Review and follow-up on security events generated by Splunk, ArcSight and other SIEM tools
Perform and generate regular VA report. Do assessment and follow-up of vulnerabilities identified from servers, network and web application scans
Collaborate with stakeholders for risk management, mitigation and remediation measure.
Perform patch management tasks such as maintaining current knowledge of available patches, deciding what patches are appropriate for systems and work with Ops team to ensure required patches are installed within timeframe
Liaise and support IT security audit and review, track open audit issues to closure
Identify issues that could bring impact and escalate any serious issues and violations, highlight security status and concerns to management
Periodic reporting of security status to management
Point of contact to assist and advise on ICT security related matters
