Education  Qualifications: 

· Bachelor’s degree in computer science, Engineering, or related fields Experience 

· Experience in IT > 10 years 

· Experience in IT Security > 10 years 

· Experience in Security Operations > 5 years 

· Proven experience in running Security Operations and project works in at least one of the categories below; 

• Infrastructure Security 
• Application Security 
• Project Security Governance 
• Audit finding and remediation works. 

· In-depth experience of infrastructure and application security domains, architectures and issues. 

· Information Security and/or Information Technology industry certification like CISSP, CCSP, CISM, CISA, CEH, GCIH, GCIA, OSCP, etc. 

· Experience on Cloud Security or Identity Management is a plus 

Skills 

· Cross-cultural sensitivity and flexibility. Appreciate diversity and inclusiveness. 

· Experience with security operations, risk and service delivery frameworks. 

· Familiar with local and regional regulatory requirements for Asia entities; HK MA, SG MA, MY BNM, TH BOT, ID FSA, etc. 

· Knowledge of information security best practices, architecture, standards and threat landscape 

· Customer-centric and strong service delivery skills with escalation management capabilities 

· Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player 

· Organized with a proven ability to prioritize workload, meet deadlines, and utilize time effectively 

· Able to translate technical requirements and communicate at all levels 

· Apply analytical rigor to understand complex business scenarios 

· Ability to function effectively in a matrix structure. 

· Ability to function with minimal supervision 

· Subject Matter Expert knowledge on at least 4-5 topics below; 

• Infrastructure Security 
• Architecture review 
• Identity Management 
• Network Security 
• Firewall and IP routing 
• Intrusion Prevention System 
• DDoS protection 
• Secure Web Access 
• Secure email gateway 
• Vulnerability and Compliance Management 
• Penetration Testing 
• End-Point Security 
• Malware Protection 
• End-Point Detection & Response (EDR) 
• Threat hunting 
• Data Security 
• Encryption 
• Data Leakage Prevention 
• SIEM 

Application Security 

• Architecture review 
• SDLC 
• SAST & DAST 
• Web Application Firewall 

Cloud Security 

• PaaS and IaaS Security 
•  Data Security 
•  Cloud compliance 
•  CASB, CSPM, CWPP 
•  DevSecOps