Provide guidance to Business Services Group (BSG) in ensuring that projects/systems comply with Company's IT security policies and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the projects/systems lifecycle
Perform security risk management, including identification, assessment and provide treatment of security risks associated with systems handled by Business Services Group. Risk assessment must be performed in accordance with the Company's cybersecurity risk management framework
Provide guidance to Business Services Group related to vulnerability assessments, source code review and penetration testing so that remediation actions can be undertaken by Business Services Group within the agreed timelines
Provide security consulting and advisory to Business Services Group
Review RFP proposal compliance with security requirements
Review architecture design developed by Enterprise/Solution/Security Architect
Perform cybersecurity assurance activities across the different stages of SDLC
Evaluate risks related to third-party vendors, products and identify mitigating measures
Perform independent assessments of the technical security controls implemented within the projects/systems to determine the overall effectiveness of the controls
Review and propose improvements to IT security policies, framework, standards, procedures and best practices
Degree in Computer Science, Information Systems, Engineering or equivalent
At least 12 years of IT security experience in more than one of the following: security governance, risk management, application security design, security project management, security operation, cloud security technologies, network access, identity, governance and access management, privileged access and identity management, security information and event management
