IT Assurance Specialist
Prudential
- Singapore
- Permanent
- Full-time
- Assist IT Assurance lead and take ownership of the Identify access management system (IAM) and assist onboarding applications. Conduct annual and semi-annual company-wide user and privileged access review and remediation. Propose and implement further controls to mitigate user access related risk and issues.
- Ensures IT risk and security controls are implemented and mitigated on time in compliance with business strategies, organization policies and regulatory requirements.
- Liaise with stakeholders and follow-up to close any identified gaps as per changes and gap assessment of regulatory and organization’s policies.
- Consolidate and provide evidence as requested by internal, external, and regulatory audit related in information technology.
- Assist improvement related to incident, change, problem, and service requests to make sure that SLA are met.
- Works with IT team to make sure that security tools such as AV, DLP, VA scanning agents are compliant with company’s IT security policies, standards.
- Monitoring KRI (Key Risk Indicator) and follow-up to improve company’s IT security posture.
- Communicate and oversee of Group IT security projects impacting PACS.
- Be the liaison point between business and IT staff in ensuring vulnerability management issues and remediation, baseline configurations & firewall rule review are coordinated and managed.
- Follow-up and track dispensations, Pentest and vulnerability issues are within company’s risk appetite and tolerance.
- Ensure IT operations and activities are complied with IT security standards set by PACS Group and regulatory guidelines by the Monetary Authority of Singapore (MAS) and PDPC.
- Suggest and implement continuous improvement and automation of daily BAU activities.
- Work with different organization functions to ensure employees are aware & trained about cybersecurity issues & practices.
- Familiar with access management and experiences in supporting company wide access reviews, privilege access reviews and remediation.
- Technical skills and hands-on experience with Information Security related solutions and technology such as, Active Directory, LDAP, EDR, Antivirus, WAF, Proxy, Firewall, DLP and SIEM & Vulnerability management.
- Basic understanding on Cyber Security, IT networking, Windows OS, technical troubleshooting, and problem solving.
- Experience in supporting IT Audits
- Experience with MAS TRM, Cyber Hygiene Notice and related regulations.
- Sound knowledge of Information Security management frameworks such as NIST CSF, ISO 27001 & best practices.
- Experience with implementation or administering of security technologies.
- Experience in design and develop reports and data visualization dashboards using Power BI, and various reporting & visualization tools.
- Experience in Agile / Scrum, CI/CD, DevSecOps will be beneficial.
- Experience in Software Development Lifecycle will be beneficial.
- Independent and works well across different functions in dynamic environment.
- Excellent problem analysis skill and innovative and creative in developing solutions.
- Strong sense of drive and commitment to deliver on responsibilities.
- Strong verbal and written communication skills
- Self-motivated and results oriented, including ability to prioritize conflicting demands.
- Ability and willingness to be hands-on.
- 2-8 years in IT Security or Technology Risk Management role
- Certification in cloud technology or any other IT Security related such as SSCP, CompTIA Security+ or CEH.
- Fluent written and spoken English