Assistant Manager/ Manager, Information Security

Primary Objectives of Position

Manage information security operation to ensure the safe use of information systems and assets as well as protect information assets against cybersecurity threats.

Manage various stages of projects in conception and initiation, planning, execution, performance/ monitoring, and project closure.

• Establish, implement, and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on IT systems, network and applications for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Hold management review and lessons learned meetings to help improve information security measures and incident handling process.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Publish security advisories, conduct security workshops, and share lessons learned to improve users’ awareness regarding information security matters.
• Oversee information security investigations with internal team, funders, and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Liaise with internal and external stakeholders in implementing information security related measures or projects.
• The above activities are no means exhaustive and are subjected to amendment whenever is needed.

Job Requirements

• Degree in Information systems or equivalent.

• 2 years’ experiences in setting up and managing information security operations.

• Experiences in ISO27001 ISMS, CIS, and/ or NIST frameworks.
• Experiences in managing threat, vulnerability and incident, and understanding in digital forensic investigation, tools, and processes.
• Knowledge in security protections, practices, or solutions like Firewall, IDS/ IPS, network segmentation, DLP, WAF, NAC, WiFi security, cryptography, endpoint protection, OWASP, etc.
• Certifications in CISA, CISM, CISSP and/ or PMP will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive.