The purpose of this role is to support existing Cyber Security Manager to lead and assist in the implementation of Cyber security related initiatives in MDEC, manage the resolution of security related issues and support other initiatives by the Technology Department, as and when required.
1. Assist in managing Cybersecurity related initiatives, programmes and activities, including:
a. Cybersecurity risk analysis, management and prevention activities for company systems.
b. Assess potential risks in business systems and develop appropriate mitigation plans.
c. Monitor business systems and identify and report violations of risk limits.
d. Review business contracts, terms and scope to identify any risks.
e. Managing the planning, review, and implementation of perimeter protections in the form of Web Application Firewall (WAF) and Anti-DDOS protection, and or other solutions.
f. Implementation of Managed Threat Detection and Response (MTDR) and other related activities, includes Network Operation Centre (NOC) & Security Operation Centre (SOC).
g. Implementation of the annual Security Posture Assessment (SPA) and Network Architecture Review, and adopt the relevant recommendations to strengthen MDEC’s Cybersecurity
h. Assessment, review and update of MDEC IT Security policies
i. implementation of other IT security related initiatives, such as 2 Factor Authentication (2FA), Azure Information Protection (AIP), amongst others.
j. Keep abreast of latest technologies and solutions related to Cybersecurity, and provide recommendations for possible adoption in MDEC
k. Engage and liaise with project teams from various Divisions or Department on Cybersecurity related matters
l. Preparing reports for management as and when required
m. To initiate, manage, and monitor ad-hoc task, project, initiatives, programme or day to day Cyber Security Operation activities based on internal approval /procurement / tender / internal or external audit processes and guidelines.
2. Manage and support other ITD Initiatives
a. Participate and assist in various ITD initiatives
b. Resolution of technical and operational issues
c. Stakeholder engagement
Quality control and audit
1. Degree in IT/Computer Science/or other related fields and possess min (2) certification on the following fields:
2. Information Security and Risk Management Professionals,
3. Cyber Threat Hunting and Red Teaming Specialists,
4. IT incident management and response specialists,
5. Cyber Défense and Response Specialists,
6. Minimum working experience of 5-7 years in IT industry, of which 3-5 years are in Cybersecurity related projects is an advantage
7. Understanding of the organization’s business is an added value.
8. Knowledge and experience in Cybersecurity initiatives and activities, including but not limited to network penetration testing, perimeter protections such as WAF and Anti-DDOS, enterprise security assessment, ISO/IEC 27001 implementation and certification.
9. Specialisation and certification in the following fields will be an added advantage:
· Certified Information Systems Security Professional (CISSP) or equivalent
· Certified in Risk and Information Systems Control (CRISC) or equivalent
· Certified Information Security Manager (CISM) or equivalent
· Certified Information Security Auditor. (CISA) or equivalent
· CREST Practitioner Threat Intelligence Analyst (CPTIA) or equivalent
· EC-Council Certified SOC Analyst or equivalent
· CompTIA Cyber security Analyst or equivalent
· CREST Registered Penetration Tester (CRPT) or equivalent
· CREST Certified Simulated Attack Specialist (CCSAS) or equivalentCompetency Required
1. Knowledge and experience in Cybersecurity initiatives and activities, including but not limited to network penetration testing, perimeter protections such as WAF and Anti-DDOS, enterprise security assessment, ISO/IEC 27001 implementation and certification.
2. Strong project management skills with the ability to manage multiple projects and programs at the same time.
3. Demonstrated ability to priorities tasks and meet daily deadlines for projects
4. Strategic / analytical thinking
5. Excellent client-facing and internal communication skills
6. Excellent written and verbal communication skills
7. Attention to detail and Strong leadership skills.
8. Strong working knowledge of Microsoft Office
Good interpersonal and multi-tasking skills.