Security Manager

Major Accountabilities

Security Controls

• It aims to coordinate external audits, tackle the regulators requirements and smartly invest in IT controls
• Establish reviews, assess, testing in IT InfoSec (Conducting security assessments and penetration tests to identify vulnerabilities in systems, networks, and web applications)
• Perform regular security testing
• Provide recommendation to IT & BU
• Maintain and follow up the findings
• Security Architecture
• Aims to unify security design that addresses threats and risks scenarios related to our IT environment. It also specifies when and where must be relevant security controls applied.
• Translate security vision to security model (Security architecture design and consulting)
• Create group architecture of security service
• Assess impact of cyber threats on Business service
• Assure all IT service are comply security Policy
• Secure Development
• Secure development aims to secure customer applications by design to limit further investments caused by development bugs and mistakes
• Create security baseline
• Adapt the baseline
• Create a group virtual team to share practices
• Automate and integrate security check into development pipeline (Develops)
• Security Operation
• Security Operations aims to keep security tools standardized, efficiently utilized, and continuously developed in line with Security governance, architecture and financial market standard requirements
• Implement security technologies
• Standardize/develop security technology stack
• Provide expertise and consultation
• Detect and prevent any cyber threat in IT environment
• Security Operation Center e.g. Blue team and Red team
• Regular review all user privilege with system owner and team member