
Security Analyst (GRC Tech-Security)

Salary undisclosed


The Security Analyst reports to the AVP, Technology (Security).

Reporting to the AVP, Technology (Security), the successful candidate's responsibilities include but are not limited to the following:

a. Security Policy Planning and Standards

  • Maintain the security policies, frameworks and practices in alignment with government regulations.
  • Establish and maintain the Security Incidents Response and Escalation Procedures.
  • Maintain IT security standards, such as the EMC technology hardening guides, access management best practices, information classification standards, etc.
  • Maintain the Security By Design (SBD) process.

b. Security Audit Management

  • Manage ISO-27001 Certification Audit.
  • Track and ensure all audit findings are duly closed.
  • Manage the operationalisation of compliance monitoring and improvement activities to ensure conformance to ISO/IEC 27000 certification and regulatory compliance.

c. Security Change Control and Cybersecurity Risk Management

  • Manage change control for the security-related aspects of project implementations or operational enhancements, ensuring that proper risk assessment has been performed and that access is authorised in alignment with the policies required by the organisation, the sector regulator and the government (e.g. reviewing, approving and revoking access grants, and maintaining exception tracking).
  • Track and ensure the risk register items are mitigated and closed.
  • Escalate key risks to the EMC Technology Management Team.
  • Perform risk assessments for new NEMS projects as per the Secure-By-Design (SBD) process.
  • Review and provide assessment on change requests related to ISO framework and requirement, and provide ISO advisory for projects in relation to change management. Support and ensure Business Units’ implementation of new projects adhere to Information Security Management System framework and ensure existing systems maintain continuous conformance against ISO/IEC 27001.

d. Security Awareness Curriculum

  • Manage, design security awareness curriculum (such as Cybersecurity Awareness Computer-based training, conduct phishing campaigns) for internal staff and contractors.
  • Develop briefing material, conduct regular briefing and training to internal staff and contractors on the latest security measures, vulnerabilities, and security trends.
  • Provide and support appropriate information security awareness, training, and educational activities in relation to ISO 27001 requirement for staff.

e. ISO 27001 Operation and Maintenance

  • Responsible for the operation and maintenance of the Company’s Information Security Management System based on the ISO/IEC 27000 series standards, including attaining certification against ISO/IEC 27001.
  • Offer strategic direction and work with related governance functions (such as Risk Management, Information Technology, Human Resources, Legal and Compliance) on information security matters (such as routine security activities plus emerging security risks and control technologies).
  • Assist with the preparation and implementation of information security policies, standards, procedures, and guidelines, in conjunction with the Information Security Steering Committee (to seek approvals and feedback).
  • Review project ISO documentation to ensure alignment and compliance with ISO requirements.
  • Periodically review and streamline/improve ISO processes and procedures.

f. Security Architecting and Solutions

  • Support project implementation and operations by providing advice and guidance, and ensure compliance with the established framework, policies, and regulations, inclusive of the SBD process.
  • Based on the risks identified for a project, devise specific security requirements to address those risks and incorporate them in the requirement specification for new project RFQs/RFPs.
  • Evaluate vendors' security solutions for compliance with the RFQ/RFP security requirements and assess each vendor's security solution architecture.
  • Review Project Security Risk Pre-Assessment (PSRPA) reports and Risk Assessment reports to identify threats and take appropriate preventive actions to improve the security posture. Review identified cyber threats and system vulnerabilities, track and validate the closure of vulnerabilities, and provide reporting to management.

g. Security Operations Management

  • Assist with the Security Operations Management to maintain the security infrastructure availability of at least 99.90% SLA by tracking the performance of the Managed Security Services (MSS) and all security services and equipment.
  • Manage external vendors to provide the 24x7 support and track their performance to ensure compliance to the SLA. Oversee and manage the detection and monitoring of cyber threats to the Company’s Information Technology Systems together with the Security Operation Centre.
  • Manage Penetration Testing, Application Source Code Vulnerability Assessment and Vulnerability Assessment (VA) process, review and validate the assessment reports.
  • Perform necessary assessment of the criticality/impact and manage the tracking of security patches together with Infrastructure and Application teams.
  • Review and track Indicators of Compromise (IOC) alerts/advisory to ensure that required actions are performed and provide updates to government authorities.

h. Security Incident Response Management

  • Assist in performing triage and work with the MSS provider and government authorities to manage and contain the security outbreak.
  • Perform management reporting and work with the Communications team on the handling of crisis communications.
  • Assist with security incident management and troubleshooting, engaging forensics where required for recovery.
  • Liaise with respective parties (application, platform, network etc.) to correlate and trace root cause.
  • Manage and report security incidents, identify affected systems and user groups, trigger proper escalations and announcements to relevant stakeholders.

Applications are welcome from candidates who meet the following essential requirements:

  • Bachelor's degree in IT, Computer Science or equivalent, supplemented by 3-5 years of relevant experience in cybersecurity, IT risk management, policy formulation, governance oversight, audits and risk management.
  • Security certification such as CISSP, CRISC, CISM, CISA or other relevant certifications required.
  • Application security experience preferred.
  • Experience in the energy industry and/or public service is a plus.
  • Possess good vendor and project management skills to support project activities.
  • Possess an inquisitive, structured, and logical mind to conduct governance and oversight activities.
  • Ability to support and manage audit activities as well as work independently to review, assess and manage risks and non-compliances.
  • Good understanding of work exigencies; ability to set priorities and work in a fast-paced, multi-project environment.
  • Able to multi-task, result-oriented and with strong attention to detail. Works well as a team player. Self-motivated and takes initiative at work.
  • Good oral, written and interpersonal communication skills to communicate internally and externally, and to relate to employees at all levels in a genuine, authentic way.