Job Description

Role & Responsibilities:

• Implement information / IT security engagements for clients
• Provide delivery expertise on information security projects. This could be on technical or process aspects (such as Information Security Management Systems (ISMS) or ISO 27001, Business Continuity Management / IT Disaster Recovery Management or ISO 22301/ ISO 27301, Data Loss Prevention (DLP), Identity and Access Management (IAM), cloud security, cyber security design, tools and solutions, security strategy and security project management).
• Experience in the identification, assessment, mitigation and management of information security risks and issues across the information security spectrum.
• Identify best practices for Information Security into technically feasible and user friendly deliverables and communicate to clients and their Information Security staff.
• Gain understanding of key customer issues and help create proposals as required.
• Build own knowledge and competency in cyber security and gain alignment and understanding of at least one industry.

Qualifications:

• Degree in any discipline and/or MBA from a recognised institution; IT Degree preferred.
• Related certifications are a plus e.g. CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CISA, CCSK, CEH, CCNA, ISO 27001 Lead Auditor, etc.
• Good overall understanding of IT.
• Strong understanding of information security & regulatory standards/ frameworks; e.g. ISO/IEC 27001, COBIT, ITIL, PCI-DSS, NIST Cyber Security Framework, GPIS1, etc.
• Good technical knowledge on at least one of the following areas:

- Data Security, Privacy, Classification and Data Loss Protection.

- IT Disaster Recovery Planning and Business Continuity Management.

- Network security architecture, management and controls including firewall, routers, IPS etc.

- Threat Intelligence & Advanced Persistent Threats (APT).

- Security Strategy and Roadmaps.

- Security Policy, Standard and Framework.

- Information Security Management Systems.

- Log Management and SIEM.

- Identity and access management solutions and implementation.

- Cloud security.

• Familiarity and experience in security standards and regulatory frameworks (e.g. ISO/IEC 27001, ITIL, GPIS1, PCI-DSS, etc.)

FIRMUS Sdn Bhd