To establish and maintain a corporate-wide information cyber security management program and ensure that information assets are adequately protected.
2. Primary Duties Performed
Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program;
Work directly with the CTO and all IT functions to facilitate cyber security and risk assessment and its processes;
Evaluate the IT threat landscape to reduce risk, leading auditing, and compliance initiatives;
Assist in implementation of the IT Cyber Security strategies, policies and procedures;
Prepare the documentation for the IT Cyber Security reports and guidelines;
Develop and enhance an information security management framework;
Monitor, maintain and administrate the IT security devices (such as Firewalls, Cor Switches, Web filtering, Spam Filtering devices, etc.) in coordination with IT Infrastructure and Cloud Unit to ensure no threats impacting the operations of these devices;
Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services;
Partner with business stakeholders across INDEX Holding group to raise the awareness of Cyber Security risk management concerns by conducting the required training and workshops;
Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems;
Manage and maintain cyber security incident management and track accordingly;
Review the audit reports and assist to tackle the security issues raised by the auditors;
Conduct a periodic security check on all the relevant IT systems and services that are running in production;
Conduct a periodic penetration testing to the relevant technologies that are running in production;
Conduct a periodic vulnerability assessment to the relevant technologies that are running in production;
Perform a periodic check of the backup restoration practice in INDEX holding to ensure the consistency of the backup data and integration;
Assist in controlling IT related risk by advising management and functional units on all IT policies and procedures;
Ensure the confidentiality and protection of corporate data, proprietary information and intellectual property;
Check the updates on the systems to ensure the patch management with the latest patches and upgrades on a regular basis;
Assist in managing the crisis situations, involving complex technical hardware or software problems and ensure adequate provision for business continuity and disaster recovery;
Ensure that INDEX Holding is adaptable to evolving cyber security compliance regulations;
Solicit, study and evaluate all IT Projects Plans to ensure low risk effectiveness, in addition, identify and develop risk analysis and supervise risk management for the IT department;
Undertake such other tasks as and when required by the Chief Technology Officer.