Senior Analyst, Information Security (Architecture & Change)

Assist with designing and developing the company’s security strategy to improve and maintain its security posture/ maturity level Understand current security risks, latest regulatory requirements as well as current and future threat landscape which could impact the organization Based on the risks, regulatory requirements, and threat landscape, identify new security solutions or enhancement opportunities to allow the business to continue with achieving its business objectives Liaise and facilitate with business units, IT, and other Information Security function teams to provide recommended approaches to problems which balances both information security and business requirements Assess network architecture designs to ensure it is aligned with security architecture and best practices Remain informed on the latest security technologies in the information security industry Assist with product evaluations and comparisons as part of vendor selection Assist with the planning, tracking, and reviewing of vendor deliverables Ensure the new security solutions or enhancement opportunities are complying to relevant compliance and regulation requirements as well as ISO27001 requirements Requirements Experience Minimum 5 years of IT related experience, with at least 3 years in Information Security Strong technical knowledge of security system architectures, especially within network and infrastructure domains are needed Strong knowledge of various security tooling used for risk control such as PAM, SIEM, WAF, EDR, DLP, email security, are required Experience with Security Architect or Risk Management is highly desired Knowledge of implementing Security processes and tools into software development to achieve DevSecOps practices are highly desired Understanding of Tactics, Techniques and Procedures commonly used by threat actors Familiar with security industry frameworks e.g. ISO 27001, NIST – Cyber Security Framework, CIS Familiar with compliance and regulatory requirements e.g. PCI-DSS, GDPR, MCSL Education Bachelor’s degree in Computer Science, or related disciplines An information security or other similar technical certification such as Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) is highly desirable Skills / Competencies Fluent in written and spoken English Ability to understand and convey the relationship between Security Risks and business risks Strong analytical and inter-personal skills to communicate technical information to non-technical background users Proven excellence in researching, organizing, writing, and presenting technical information via report writing and presentation (PowerPoint) Capacity to work independently and in a team environment, and can demonstrate leadership ability and project management skills Ability to multi-task and have solid project management skills Ability to keep pace with a fast pace and growing company