Job Responsibility:
Responsible for ensuring the security and resilience of our company's IT infrastructure. The role is responsible for safeguarding against cyber threats, managing incident response, ensuring regulatory compliance, and maintaining the integrity and availability of IT systems.
1. Design and Implementation of Secure Infrastructure
- Design and architect secure, scalable, and resilient IT infrastructure solutions that align with the company’s business objectives and regulatory requirements.
- Ensure infrastructure design integrates security best practices, including zero trust architecture, segmentation, and encryption.
- Collaborate with IT teams to implement secure network, server, and storage solutions.
2. Security Assessment and Risk Management
- Conduct security assessments of existing and proposed infrastructure to identify vulnerabilities and risks.
- Develop risk mitigation strategies to address gaps in security posture.
- Work with the IT Risk Management team to align infrastructure security with the company's overall risk appetite.
3. Collaboration with Cross-Functional Teams
- Partner with cybersecurity, compliance, and IT operations teams to ensure infrastructure security aligns with organizational goals.
- Provide technical expertise in incident response and forensic investigations related to infrastructure breaches.
4. Threat Management and Incident Response
- Monitor infrastructure for security threats and implement measures to prevent, detect, and respond to cyberattacks.
- Develop and maintain incident response plans for infrastructure-related security incidents.
5. Compliance and Regulatory Reporting
- Ensure infrastructure security measures comply with relevant regulations and standards.
- Provide technical expertise for audits and regulatory inspections, ensuring the company meets all compliance requirements.
- Maintain documentation of security controls and configurations for audit and reporting purposes.
- Generate reports on infrastructure security posture, risks, and mitigation efforts for senior management and stakeholders.
6. Vendor and Third-Party Management
- Evaluate and manage infrastructure security risks associated with third-party vendors and cloud service providers.
- Ensure vendor solutions align with the company's security standards and requirements.
Requirements:
- Bachelor’s degree in Information Technology, Computer Science, Risk Management, or a related field.
- Professional certifications such as CRISC, CISM, CISSP, or ISO 27001 Lead Auditor/Implementer are preferred.
- Minimum 5–7 years of experience in IT risk management, cybersecurity, or a related field.
- Knowledge of regulatory standards such as MAS TRM.
- Strong knowledge of IT risk management frameworks and methodologies.
- In-depth understanding of cybersecurity principles, IT controls, and regulatory requirements.
- Proficiency in assessing and managing third-party/vendor risks.
- Analytical thinking and the ability to assess complex IT environments.
- Strong communication and presentation skills to interact with stakeholders at all levels.
- Experience with IT risk management tools and technologies.