Position Overview
As the Technology Information Security Officer (TISO), you are responsible to provide security advisory to the project teams which includes Cybersecurity Risk Assessment, review of Technical Design Spec(TDS), Operational Acceptance Test (OAT), and System Security Assurance Test (SSAT).
Role & Responsibilities
- Provide guidance to Business Services Group (BSG) in ensuring that projects/systems comply with security policies and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the product lifecycle
- Perform adequate risk management, including identification, assessment and provide treatment of security risks associated with systems handled by Business Services Group. Risk assessment must be performed in accordance with the organization's cybersecurity risk management framework
- Provide guidance to Business Services Group related to vulnerability assessments, source code review and penetration tests so that remediation actions can be undertaken by Business Services Group within the agreed timelines
- Provide security consulting and advisory to Business Services Group
- Review RFP proposal compliance with security requirements
- Review architecture design developed by Enterprise/Solution/Security Architect
- Perform cybersecurity assurance activities across the different stages of SDLC
- Evaluate risks related to third-party vendor and products and identify mitigating measures
- Perform independent assessments of the technical security controls implemented within the projects/systems to determine the overall effectiveness of the controls
Requirements
- Degree in Computer Science, Information Systems, Engineering or equivalent
- At least 10 years of IT security experience in areas of security governance, risk management, application security design, security project management, security operation, cloud security technologies
- Strong risk management principles, risk articulation skills, cloud technologies, network security, data protection
- Knowledge of cloud platforms such as AWS, Azure or Google cloud is desirable
- Professional security certification is preferable, such as CISSP, CISM, CISA, CCSP or other similar security certifications
- Self-motivated with the ability to work independently and as a team member with minimal direction
- Strong interpersonal and stakeholder management skills
- Good written and communication skills
Apply Now
NOTE: It only takes a few minutes to apply for a meaningful career in HealthTech - GO FOR IT!!
#0460