Job Responsibilities:
Create, implement, and manage Data Security functions and processes;
Create, implement, and manage data loss prevention program including processes, procedures, training, and playbooks;
Improve maturity level of data security to the defined higher level; and measure and report the progress regularly by developing Key Performance Indicators (KPI) / metrics for performance and risk monitoring;
Contribute to the review, consistent implementation and compliance-monitoring of Client information security policies, operating procedures standards, and guidelines;
Coordinate and / or support security audit requests and track follow-up on recommendations (including FISMA / NIST 800-53 controls, ISO 27001);
Participate actively in the implementation of the Global Cybersecurity Strategy, including the support of awareness-related activities and coordinating global workshops / webinars;
Monitors and audits information security controls while measuring results and responding to new risks. Gathers, develops and organizes evidence for security audit;
Conduct threat, vulnerability, risk and compliance assessments;
Conduct data protection impact assessments;
Assist in investigation and audit;
Provide advice to request / tickets related to data security, rotation and access;
Provide advisory to support decision-making activities related to data security topics;
Education:
Bachelor's degree in computer science, information systems, mathematics, statistics or related field from an accredited academic institution with two years of relevant professional experience; or
University degree in the above fields with four years of relevant professional experience.
Professional certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Chief Information Security Officer (CCISO), Certified Secure Software Lifecycle Professional (CSSLP), Certified Secure Web Application Engineer (CASE), Certified Secure Web Application Engineer (CSWAE), Governance, Risk, and Compliance Professional (GRCP), Certified Ethical Hacker (CEH), or related will be a distinct advantage in addition to cloud computing certifications at associate / professional / specialty level from Azure and / or AWS. Information Technology Infrastructure Library (ITIL) and Prince2 Foundation are added advantages. Microsoft Purview working knowledge is desirable.
Experience:
Extensive experience in building a data management process;
Extensive experience in data governance, compliance and risk management;
Extensive experience in creating and implementing a data loss prevention program;
Extensive experience in all aspects of application / data security (definition, implementation and validation);
Extensive experience in access control management;
Experience defining data security strategies aligned with business and strategic objectives.
Skills:
Strong interpersonal skills;
Solid organization and document, project management;
Strong investigative skills;
Strong ability to continue to learn and grow;
Basic knowledge of reporting tools (e.g., MS Excel, Power BI, Power BI Report Builder);
Ability to translate technical security vulnerabilities into business risk / impact to applications;
Demonstrated skill in creating security policies and procedures based on ISO27001, NIST 800-53 and Computer Information System (CIS) controls;
Strong analytical and problem-solving skills and proactive thinking skills;
Able to articulate complex, technical concepts to non-technical audiences;
Strong English oral and written communication skills.
#J-18808-Ljbffr
