Senior Manager, Security Assurance

Prudential

Kuala Lumpur
Permanent
Full-time

25 days ago

Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.Role Purpose: The Security Assurance SM/Lead is a role within the Security Management & Engagement team, responsible for owning and leading security assurance and vulnerability remediation activities across the organisation. The candidate will be involved in the creation and uplift of the processes and procedures to address and drive effective end to end assurance and remediation efforts to uplift cyber hygiene and compliance to security metrics across the organization’s footprint. The Security Assurance Lead would be expected to influence, guide and partner the Business Information Security Officers in the business units to drive, monitor, track and uplift compliance levels.Essential Job Duties and Responsibilities:

Security Assurance and Remediation Focal Point

Go-to subject matter expert providing consultation on vulnerabilities identified by security tools and metrics to guide and steer relevant BISO, Infrastructure and Application teams to remediate the vulnerabilities identified.
Assess identified vulnerabilities respective to the risk profile and impact to the business entity.
Stakeholder Management

Lead discussions with Infrastructure, Business, Application teams to advise the relevance and impact of vulnerabilities and security controls.
Develops and maintains relationships with internal and extended partners, including but not limited to Infrastructure, Business, Application teams.
Establish an effective framework to drive and uplift InfoSec & Privacy assurance management with stakeholders
Monitoring, Compliance and Reporting

Monitor and track risk acceptance, exceptions, compliance and deviations per organizational standards.
Develop, maintain and continuously improve Assurance Dashboards (Power BI) to support management reporting.
Develop and maintain the Security Assurance framework and process flows to ensure relevancy to organizational standards.
Provides management insights and formal reporting to management on risk heatmaps and remediation cadence.
Policy Compliance

Monitor security procedures and ensure compliance to all aspects of Prudential’s policies and standards.
Define and enhance assurance and remediation practices across the organsation’s IT footprint.
Audits and Assessments

Support internal /external audit fieldwork as required.
Addresses regulatory / compliance requirements
Continuous Assurance Improvement

Automate security enhancements where possible, streamlining processes and ensure consistent protection.
Evolve and develop strategies to standardize and uplift the organization’s overall security control posture.
Analyse and address roadblocks, impediments faced on control posture uplift initiatives.

Knowledge & Abilities

Communication - Able to work and spread positive "security awareness and control due-diligence" influence with people from various levels of the organization effectively.
Technical Depth - Knowledge and experience with Coordinated Vulnerability Disclosure (CVD), Common Vulnerability Scoring System (CVSS), MITRE Common Vulnerabilities and Exposures (CVE) systems, and OWASP Top 10.
Hands on experience with Vulnerability Scanning & Management tools
Technical Breadth - Display broad appreciation of information security and Privacy domains with technical aptitude, problem solving and ability to quickly learn and master new topics and domains.
Know your Business - Strong business acumen within the insurance / financial services industry and related operational fields.
Controls Framework - Knowledge of industry control framework, best practise, laws (e.g. GDPR, countries privacy laws, NIST, CIS etc) and regulatory landscape.
Risk Management - Able to provide information security advise that strike sthe right balance between controls enforcement, risk appetite and nett risk exposure

Technical Skills * At least 5 years of experience in any of the following fields Cybersecurity, Vulnerability Management, Engineering/IT Operations, Security Operations and Risk management

Knowledge of security tools, vulnerability assessment, and penetration testing
Understanding of network security, encryption and access controls
Ability to apply a Risk based approach while working on assigned responsibilities.
Working knowledge and experience with tools like Confluence Jira, Power BI
Experience with building BI dashboards using Microsoft PowerBI
Certified Information Security Professional (CISSP), or other related certifications (e.g. CISM, CISA, CEH, OSCP) preferred

Other Requirements * Proactive Team Player

Possesses effective communication skill (written and spoken)
Ability to work independently in a dynamic environment
Ability to handle concurrent responsibilities and tight deadlines
Some business travel required on a need basis.

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.

Prudential

Apply Now