Lead, Cyber Security
Posted on 20 Jul 2022 9 days left for application

Job Purpose

  • This role is to lead the implementation of cyber security related technical activities in MDEC. The incumbent need to manage the resolution of security related issues and support other initiatives by the Innovation Department as and when required. The incumbent is responsible to manage, develop, implement cybersecurity policies, standards, guidelines, and controls.
  • This role is also to lead the team in performing risk analysis, management, and prevention activities for MDEC’s IT systems and help set and maintain security standards.

Duties & Responsibilities

  • Assist in managing technical requirement for cyber security related initiatives, programmes and activities, including cyber security risk analysis, management, and prevention activities for company systems.
  • Assess potential risks in business systems and develop appropriate mitigation plans.
  • Monitor business systems and identify and report violations of risk limits.
  • Conduct regular compliance checks to ensure compliance of IT-related policies and procedures.
  • Assisting the implementation of Managed Threat Detection and Response (MTDR) and other related activities, including Network Operation Centre (NOC) and Security Operation Centre (SOC);
  • Conduct incident management and escalation as per MDEC SLA requirements.
  • Support and perform MDEC annual Security Posture Assessment (SPA) and Network Architecture Review, and adopt the relevant recommendations to strengthen MDEC’s cyber security
  • Assessment, review and update of MDEC IT security policies
  • Monitoring and maintaining, IT security related initiatives, such as Zero Trust, Multi-Factor Authentication (MFA), Azure Information Protection (AIP), amongst others.
  • Managing the planning, review, and implementation of perimeter protections in the form of Web Application Firewall (WAF) and Anti-DDOS protection, and or other solutions.
  • Architecture Review, and adopt the relevant recommendations to strengthen MDEC’s Cybersecurity
  • Implementation of other IT security related initiatives, such as 2 Factor Authentication (2FA), Azure Information Protection (AIP), amongst others.
  • Recommendations for possible Cyber Security adoption in MDEC
  • Keep abreast of latest technologies and solutions related to cyber security, and provide recommendations for possible adoption in MDEC
  • Provide advice and consultancy on cyber security related matters to project teams from various Divisions as and when required
  • Preparing cyber security document/report for management / stakeholder as and when required
  • Manage and support other Innovation Department Initiatives:
    • Participate and assist in various Innovation Department initiatives
    • Resolution of technical and operational issues
    • Stakeholder engagement 
    • Quality control and audit
  • Capability, knowledge on managing the planning, review, implementation of perimeter protections, managing security roles, monitoring, identifying, and rectifying security alerts or security events from the following solution/ product:
    • Amazon Web Services (AWS) cloud (existing workloads)
    • Microsoft Azure cloud (existing workloads)
    • Alibaba cloud (existing workloads) 
    • Cloud based Web Application Firewall (existing SaaS) 
    • Cloud based Incident management (existing SaaS) 
    • Cloud based Identity & Access Management (existing SaaS) 
    • Cloud based Endpoint and Office 365 (existing PaaS) 
    • Cloud based virtual private network services 
    • Cloud based Security information and event management (existing SaaS) Conduct an analysis of network traffic and host activity across a wide array of technologies and platforms.
  • Analyse malicious campaigns and evaluate the effectiveness of security technologies time to time with relevant stakeholder.


  • Bachelor’s Degree in Computer Science or Information Technology
  • Experience in compliance framework for Information Security, Compliance & IT Governance Standards: ISO27001
  • Minimum working experience of 6-10 years in IT industry, of which 5 years are in cyber security related projects is an advantage
  • Understanding of the organization's business is an added value
  • Specialization and certification in the following fields will be an added advantage:
    • Certified Information Systems Security Professional (CISSP) or equivalent
    • Certified in Risk and Information Systems Control (CRISC) or equivalent
    • Certified Information Security Manager (CISM) or equivalent
    • Certified Information Security Auditor (CISA) or equivalent
    • CREST Practitioner Threat Intelligence Analyst (CPTIA) or equivalent
    • CREST Practitioner Security Analyst (CPSA) or equivalent
    • CREST Practitioner Intrusion Analyst (CPIA) or equivalent
    • GIAC Certified Intrusion Analyst (GCIA) or equivalent
    • EC-Council Certified Security Analyst (ECSA) or equivalent
    • EC-Council Certified SOC Analyst or equivalent CompTIA Cyber security Analyst or equivalent
    • Offensive Security Certified Professional (OSCP) or equivalent
    • CREST Registered Penetration Tester (CRPT) or equivalent CREST Certified Simulated Attack Specialist (CCSAS) or equivalent
    • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) or equivalent
    • CSA Certificate of Cloud Security Knowledge (CCSK) cloud security certification or equivalent
    • AWS Certified Cloud Practitioner or equivalent Microsoft Azure Fundamentals or equivalent EC-Council’s Certified Incident Handler (ECIH) or equivalent
    • GIAC Certified Incident Handler (GCIH) or equivalent
    • Incident Handling & Response Professional (IHRP) or equivalent
    • Certified Computer Security Incident Handler (CSIH) or equivalent
    • Certified Incident Handling Engineer (CIHE) or equivalent
    • CA Service Desk Manager 17.x: Incident and Problem Management 200 or equivalent
    • ITIL Certification v3 or equivalent Alibaba Cloud Certified Associate (ACA) or equivalent

Competency Required

  • Knowledge and experience in cyber security initiatives and activities, including but not limited to: network penetration testing, perimeter protections such as WAF and Anti-DDOS, enterprise security assessment, ISO/IEC 27001 implementation and certification.
  • Strong project management skills with the ability to manage multiple projects and programs at the same time.
  • Demonstrated ability to prioritize tasks and meet daily deadlines for projects
  • Strategic / analytical thinking
  • Excellent client-facing and internal communication skills
  • Excellent written and verbal communication skills
  • Attention to detail
  • Strong working knowledge of Microsoft Office

Related Links
Media Gallery