The purpose of this role is to support the IT Department and existing Cyber Security Manager to lead and assist in the implementation of Cyber security related initiatives in MDEC, manage the resolution of security related issues and support other initiatives by the IT Department, as and when required. This role is also to lead and assist in performing risk analysis, management, and prevention activities for MDEC’s IT systems and help set and maintain security standards. Additionally, this role required to support the day-to-day activities in the Technology office, providing guidance on IT Security policies, and its processes, overseeing resources, and collaborating with other department and division leaders to develop / support projects and programs.
Note: This role will be required to support and standby for any Cyber Security related matters in 24x7 hourly basis with assistance from Security Operation Centre (SOC) and with existing Cyber Security Manager during Cyber-Attack/ Emergency.
1. Assist in managing Cybersecurity related initiatives, programmes and activities, including:
a. Cybersecurity risk analysis, management and prevention activities for company systems.
b. Assess potential risks in business systems and develop appropriate mitigation plans.
c. Monitor business systems and identify and report violations of risk limits.
d. Review business contracts, terms and scope to identify any risks.
e. Managing the planning, reviewal, and implementation of perimeter protections in the form of Web Application Firewall (WAF) and Anti-DDOS protection, and or other solutions.
f. Implementation of Managed Threat Detection and Response (MTDR) and other related activities, including Network Operation Centre (NOC) & Security Operation Centre (SOC).
g. Implementation of the annual Security Posture Assessment (SPA) and Network Architecture Review and adopt the relevant recommendations to strengthen MDEC’s Cybersecurity.
h. Assessment, reviewal and update of MDEC IT Security policies.
i. Implementation of other IT security related initiatives, such as 2 Factor Authentication (2FA), Azure Information Protection (AIP), amongst others.
j. Keep abreast of latest technologies and solutions related to Cybersecurity and provide recommendations for possible adoption in MDEC.
k. Engage and liaise with project teams from various Divisions or Department on Cybersecurity related matters.
l. Preparing reports for management as and when required.
m. To initiate, manage, and monitor ad-hoc tasks, projects, initiatives, programmes or day to day Cyber Security Operation activities based on internal approval / procurement / tender / internal or external audit processes and guidelines.
2. Manage and support other ITD Initiatives.
a. Participate and assist in various ITD initiatives.
b. Resolution of technical and operational issues.
c. Stakeholder engagement.
d. Quality control and audit.
Qualifications
1. Degree in IT/Computer Science/or other related fields and possess min (2) certification on the following fields:
Information Security and Risk Management Professionals
Cyber Threat Hunting and Red Teaming Specialists
IT incident management and response specialists
Cyber Défense and Response Specialists
2. Minimum working experience of 5-7 years in IT industry, of which 3-5 years are in Cybersecurity related projects is an advantage.
3. Understanding of the organization’s business is an added value.
Competency Required
1. Knowledge and experience in Cybersecurity initiatives and activities, including but not limited to network penetration testing, perimeter protections such as WAF and Anti-DDOS, enterprise security assessment, ISO/IEC 27001 implementation and certification.
2. Strong project management skills with the ability to manage multiple projects and programs at the same time.
3. Demonstrated ability to prioritise tasks and meet daily deadlines for projects.
4. Strategic / analytical thinking.
5. Excellent client-facing and internal communication skills.
6. Excellent written and verbal communication skills.
7. Attention to detail and strong leadership skills.
8. Strong working knowledge of Microsoft Office.
9. Good interpersonal and multi-tasking skills.