Talenza are working with a financial services technology firm on the search and selection of an experienced Information Security consultant for their APAC region. The successful candidate will have worked in both Cloud and On Premise IT service environments, delivering strategic, innovative security designs as well as working with business and IT teams to solve day-to-day compliance and business growth needs. They will demonstrate passion, vision and drive and will act as a respected senior advisor across the organization, guiding internal customers on information security best practices, cyber security, security risk assessment, threat modelling, and vulnerability remediation within a hybrid Cloud and On Premise IT environment.
This role will be part of a multi-discipline team to ensure the security services are delivered to the agreed service levels.
- Strengthen the organisation's Information Security defence and response capabilities, paying close attention to business unit specific requirements.
- Evaluate, architect, implement, and support security tools and services for the organisation's rapidly emerging Cloud-based hosting model and help execute the global Information Security strategy / Centre of Excellence.
- Lead cultural change and provide guidance on best practice security control adoption.
- Ensure security controls designed and implemented as part of the agreed group strategy are commensurate with the threats/risks.
This is a hands-on, strategic and operations role with a focus on Information Security, Governance, and IT Risk, suited to a passionate, experienced security specialist with demonstrated experience working across several security domains.
- Security Advisory, Reviews, Risk Assessments and Third-Party Reviews
- Maintenance and ongoing management of the Information Security Management System (ISMS); Corrective Action Log management and escalations; and Risk registers
- Responsibility for updating the ISMS and monitoring compliance to ISO27001
- Identification, analysis and management of potential security breaches or incidents
- A diverse security skillset and exposure to multiple security technologies and control frameworks is required, with the ideal candidate having a broad understanding of security frameworks, controls and cloud technologies.
- Well-developed communication skills, including a level of written communication and reporting skills necessary to describe complex issues and actions clearly and concisely
- Influence and Persuasion - Influencing and persuading others to take a specific course of action
- Demonstrate a high level of strategic thinking and problem-solving skills
- The successful candidate will demonstrate passion, vision and drive and will act as a respected advisor across the organization, guiding internal customers on Information Security best practices, risk management, client assurance activities, control effectiveness, threat modelling, and vulnerability remediation within a hybrid Cloud and On Premise IT environment.
- Thorough understanding of information security operations and governance concepts and current best practices, techniques, processes, and technologies
- Hands-on experience working with control frameworks (e.g. COBIT, NIST, ISO27001), technologies including Intrusion Detection, Anti-virus/anti-malware, Database Activity Monitoring, Data Loss Prevention, Penetration Testing, Firewalls & Security Log management tools
- Ability to examine complex security event data and identify key issues, trends, and patterns
- A good knowledge of security best practice controls and control frameworks
- Ability to evaluate security requirements within the context of a fast-paced environment to define pragmatic solutions
- Ability to work in high pressure situations, and follow processes and procedures with accuracy and attention to detail
- Circa 5+ years' experience in security operations, IT governance or a similar role
- Exposure to a large financial services organization and an understanding of the risks of such an environment
- Extensive experience across infrastructure domains (network, compute, and storage)
- Formal information security qualifications desirable but not mandatory: CISM, CISSP, SABSA