Job Description - Lead, IT Security Service Delivery (250000AO)
Job Number:
250000AO
Discover the GREAT in your career.
As a LIFE company, our customers are at the heart of all that we do. Being one of Asia’s leading insurers for over a century, we have built a long-lasting legacy of trust with our customers over many generations. At the foundation of this trust is Integrity, Initiative, and Involvement – from the way we treat every customer relationship with honesty and transparency, to our proactive approach of delivering the best possible solutions in both life and general insurance.
If you are looking to grow in an exciting career filled with opportunities and potential, we are seeking a professional to join our team as Lead, IT Security Service Delivery where you will primarily be responsible for leading the Great Eastern Security Product Management Services (SPMS) Team and act as a single point of contact to the management team for further action.
The Role:
- Primary escalation point of the SPMS Engineers for any identified potential anomalies and will perform in-depth investigation into the matters.
- In the event of a security incident, the SPMS Lead will also serve as the primary incident responder and ensure that communications as well as adequate resolutions are implemented on a timely basis.
- SPMS Lead is responsible for the operation of the SPMS team. The role will need to provide leadership, expertise, and direction aligned with security goals to the SPMS team.
- Lead and support end-to-end security operations tools service delivery lifecycle such as ensuring contract SLA compliance, track and monitor license utilization, service performance incidents and vulnerabilities.
- Manage and work closely with Managed Security Service Provider (MSSP) and internal teams to improve SPMS processes and procedures.
- Manage relationships with security product principals (e.g.: Trend Micro; Trellix, etc.).
- Handle escalation from SPMS analysts of Managed Security Service Providers (MSSP) ensuring that escalations are handled within agreed SLAs.
- Plan, develop & constantly review SPMS related policies, standards, and procedures.
- Collaborate with other BAU functions such as Infrastructure, Network, EUC, Cloud, Technology, Risk Management, Assurance & Audit, and Risk & Compliance team to ensure security tools implementation & security reporting is established as well as manage risk matters adequately.
- Provide regular reports to management on the status of the SPMS’s operations, security incidents, and security posture as well as to highlight any potential trend based on SPM reporting metrics.
- Constantly review and upgrade SPMS related system component solutions (such as SIEM, SOAR, EPP, EDR, etc.) to always ensure effective operational and defense capabilities.
- Identify gaps and propose countermeasures inclusive training requirements for the SPMS team as well as handling audit and compliance for overall SPMS operations.
- Takes accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks.
- Maintains awareness of industry trends on regulatory compliance, emerging threats, and technologies in order to understand the risk and better safeguard the company.
- Highlights any potential concerns/risks and proactively shares best risk management practices.
- As part of the leadership team, work with key stakeholders to proactively shape the organisation’s culture and conduct environment that is aligned to the organisation’s Core Values.
- Champion culture and conduct behavioral expectations within the Department/Division.
- Other responsibilities entailed.
The Person:
- Possess a Degree / Professional Degree / Master’s Degree in Computer Science / Information Technology / Engineering or equivalent.
- Having IT Security related certifications (CISSP, CISA, etc.) is an added advantage.
- Minimum 5 to 7 years of working experience in Security Product Management (SPM) and Information Security.
- Experience in handling security incidents and process improvement.
- Broad knowledge in infrastructure, information, and application security and related topics (i.e. DMZ, PKI, SSL, multi-factor authentication, cryptography and secure communications, wide range of security domain, tools, and product management).
- Familiarity with security frameworks, such as NIST Cybersecurity Framework, ISO27001, PCI DSS, and CIS Critical Security Controls.
- Familiar with MAS TRMG and BNM RMiT regulatory requirements and compliance.
- Strong analytical and problem-solving skills, with the ability to identify and assess security risks and develop appropriate mitigation strategies.
- Experience with incident management and response, including conducting post-incident reviews and developing corrective action plans.
- Knowledge of current security events and a demonstrated passion to stay informed of best practices & trends within the industry.
- Excellent communication and leadership skills, with the ability to motivate and inspire a team to achieve its goals.
- High level of integrity, takes accountability of work and good attitude over teamwork.
- Takes initiative to improve current state of things and adaptable to embrace new changes.
- Demonstrates alignment with the organisation’s core values through expected behaviours.
Great Eastern Malaysia is committed to Equal Employment Opportunity, and all qualified applicants shall receive a fair and equal consideration for employment.
Entity: Great Eastern Life Malaysia
Employment Type: Permanent