My client is an MNC investment bank in search of an IT Assurance professional for a 1.5 LoD position. The ideal candidate will have experience in IT Assurance, Control Testing, and Reporting. They should also have knowledge of Risk Assessment frameworks such as ISO 27001, NIST and CIS. It is a plus if the candidate has experience in Cloud security governance/assessments. The candidate must be able to speak English and Chinese fluently. Also open to candidates from a Big 4 IT Assurance background.
Perform thorough security and assurance assessments on technology systems, infrastructure, and processes.
Develop and implement security controls and measures to protect our organization's data and assets.
Analyze security risks, identify vulnerabilities, and propose effective mitigation strategies.
Manage external parties to perform information security assessments, including but not limited to vulnerability scanning, penetration testing, technical security architecture assessment, etc.
Propose, review and validate security architecture, designs and changes to ensure security is an integral part of the project delivery teams without compromising business objectives.
Conduct third-party cyber risk assessments to ensure the security of the organization's systems and data in third-party environments.
Engage in daily tasks required to execute the controls, policies, and procedures on security and compliance initiatives.
Maintain relevant Cybersecurity / Technology risk policies and procedures.
Collaborate with cross-functional teams to ensure compliance with Group security standards, policies, and regulations.
Stay up-to-date with the latest security threats, trends, and best practices, to provide expert guidance and support to Group and regional teams on security matters.
Foster strong relationships with stakeholders, including Group/regional teams, vendors, and external partners, to promote a secure and collaborative environment.
Perform other duties as assigned by the supervisor.
7+ years of relevant experience in IT Security/Security Assurance Testing.
Knowledge of security frameworks such as ISO 27001, NIST, CIS.
Experience in conducting security control assessments and risk analysis.
Familiar with security tools and technologies such as SIEM, intrusion detection systems, etc.
A plus if knowledgeable about cloud technologies such as AWS.