Senior Manager, Security Assurance
Prudential
- Kuala Lumpur
- Permanent
- Full-time
- Security Assurance and Remediation Focal Point
- Go-to subject matter expert providing consultation on vulnerabilities identified by security tools and metrics, guiding and steering the relevant BISO, Infrastructure and Application teams to remediate them.
- Assess identified vulnerabilities against the risk profile of, and impact on, the business entity.
- Stakeholder Management
- Lead discussions with Infrastructure, Business and Application teams to advise on the relevance and impact of vulnerabilities and security controls.
- Develop and maintain relationships with internal and extended partners, including but not limited to Infrastructure, Business and Application teams.
- Establish an effective framework to drive and uplift InfoSec & Privacy assurance management with stakeholders.
- Monitoring, Compliance and Reporting
- Monitor and track risk acceptance, exceptions, compliance and deviations per organizational standards.
- Develop, maintain and continuously improve Assurance Dashboards (Power BI) to support management reporting.
- Develop and maintain the Security Assurance framework and process flows to ensure relevancy to organizational standards.
- Provide management insights and formal reporting to management on risk heatmaps and remediation cadence.
- Policy Compliance
- Monitor security procedures and ensure compliance to all aspects of Prudential’s policies and standards.
- Define and enhance assurance and remediation practices across the organisation's IT footprint.
- Audits and Assessments
- Support internal/external audit fieldwork as required.
- Address regulatory / compliance requirements.
- Continuous Assurance Improvement
- Automate security enhancements where possible, streamlining processes and ensuring consistent protection.
- Evolve and develop strategies to standardise and uplift the organisation's overall security control posture.
- Analyse and address roadblocks and impediments to control posture uplift initiatives.
- Communication - Able to work effectively with people at all levels of the organisation and to promote a positive culture of security awareness and control due diligence.
- Technical Depth - Knowledge and experience with Coordinated Vulnerability Disclosure (CVD), Common Vulnerability Scoring System (CVSS), MITRE Common Vulnerabilities and Exposures (CVE) systems, and OWASP Top 10.
- Hands on experience with Vulnerability Scanning & Management tools
- Technical Breadth - Display broad appreciation of information security and Privacy domains with technical aptitude, problem solving and ability to quickly learn and master new topics and domains.
- Know your Business - Strong business acumen within the insurance / financial services industry and related operational fields.
- Controls Framework - Knowledge of industry control frameworks and best practice (e.g. NIST, CIS), applicable laws (e.g. GDPR and country-specific privacy laws) and the regulatory landscape.
- Risk Management - Able to provide information security advice that strikes the right balance between controls enforcement, risk appetite and net risk exposure.
- Knowledge of security tools, vulnerability assessment, and penetration testing
- Understanding of network security, encryption and access controls
- Ability to apply a Risk based approach while working on assigned responsibilities.
- Working knowledge and experience with tools such as Confluence, Jira and Power BI.
- Experience with building BI dashboards using Microsoft PowerBI
- Certified Information Systems Security Professional (CISSP), or other related certifications (e.g. CISM, CISA, CEH, OSCP) preferred.
- Possesses effective communication skill (written and spoken)
- Ability to work independently in a dynamic environment
- Ability to handle concurrent responsibilities and tight deadlines
- Some business travel required on a need basis.