consultant, IT Security - Bukit Merah

You will be performing the following scope of work for the IT Security systems and devices

1. IT Service Management
2. Cybersecurity Incident Management
3. IT Security Management
4. IT Security Compliance & QA Management
5. Risk Management
6. Security Operation and Monitoring tool Management

The following are the activities in each scope of work: Service Management

• Monitor and report on the SLA/KPI of the in-scope systems, grouped under the System Family, to the client
• Liaise and work directly with client (stakeholders, Ops Managers and/or Contractors) for purpose of project delivery and maintenance support.
• Monitor and update client on operation concern and/or compliance matters and propose resolution.
• Provide monthly summary and/or progress report on systems health, statuses, risk status and status of CR/SR and System Problem.
• Conduct and/or participate in management update meetings - Operations, Audit and Management Meeting.
• Review reports from Operations & Support (O&S) project teams within the System Family .
• Provide support to O&S Project teams during Audit, DR/BCP, Backup & Recovery exercise.
• Propose continuous improvement initiatives with recommendations to strengthen IT governance & compliance, increase efficiency on work quality and processes.
• Prepare Management plan and submit compilation to the Client annually

• Periodically review IT asset inventory (hardware, software, network equipment, network attached equipment and end-points) records maintained and updated by Client appointed Asset Officer.
• Maintain oversight and review the Obsolescence at System Family Level.
• Prepare and submit report to Client

• Lead investigation and resolution of Security incident
• Conduct root cause analysis and recommend improvement solution for recurrent incident to Client.

• Schedule security scan for identified systems according to policies and verify all vulnerability rectifications are satisfactorily performed.
• Conduct Security Review on System Access and administration patterns weekly, and report unusual or suspicious activities, if any, to client.
• Track, mitigate and deploy patch security vulnerabilities accordingly to the stipulated timeline. Maintain oversight and submit reports on monthly basis.
• Escalate and/or seek Client’s acceptance and approval of assessed risks.
• Manage and administer any security monitoring tools including splunk, arcsight, EDR are addon advantage.

• Ensure compliance status of the Systems adheres to applicable standards, polices, directives and guidelines.
• Review weekly/monthly account review based on the requirements.
• Review weekly/monthly log review based on the requirements.
• Declare, review and report compliance status to head office annually.
• During audit exercise, work with stakeholders to provide responses and evidence to auditors or compliance related declarations.
• Provide a Rectification Plan on any gaps found.
• Provide rectification plan for issues arising from audit.
• Seek waiver on compliance whenever it is justifiable.
• Ensure all applicable standards, policies, directives, guidelines, deliverables and quality assurance records are filed and kept up to date for audit and review purposes.
• Work with Client on system enhancement required for policy changes and audit requirements.

• B.E/B.Tech or any qualified Degree in Information Systems, Computer Science or similar relevant field
• Certification in CISSP / CISA / CISM / CRISC / CGEIT for IT Security is a must
• At least 5 years of relevant experience in Cybersecurity / information systems security practice including governance, managing security policies and systems and assessing threats and vulnerabilities with at least 10 years of IT experience