IT Security & Compliance Manager (PCI-DSS / ISO 27001)
Working hours : Mon-Fri, 9am-6pm (WFH once confirmed)
Industry : IT Consulting Solutions
Responsibilities
Manage operational IT Security for a high-availability financial service, handle reporting and improvement, and assist in audits and training.
Drive analysis and handling of security vulnerabilities and incidents.
Establish, maintain and review compliance with Operational Security processes and procedures, and monitor adherence.
Establish, maintain and review strict access control to information and IT systems according to business needs and access policies.
Perform Access Management activities (grant, change and revoke access privileges).
Establish and maintain an environment that complies with PCI DSS, ISO / IEC 27001 / 27002, and other applicable security standards and baselines.
Monitor and manage security controls (system settings, logs, alerts, audit trails, authentication events, attempts, violations, faulty logons, lockouts, etc.).
Collaborate with clients, application and infrastructure owners to apply and implement security changes / solutions (e.g., protection concepts, security specifications, architecture and design, security assessment).
Contribute to Security Operation Center (SOC) tools, maintenance and operations support.
Preferred Skills
Knowledge of baseline controls including environmental controls, application general controls, third-party access controls and legal / regulatory controls.
Experience working with external auditors on ISAE 3402, PCI-DSS, and other mandatory standards; familiarity with ISO / IEC 27001 family.
Maintaining mandatory standards (health and safety) and ISO / IEC 27001 : 2005 / 27002 : 2005 / 27005 : 2008 when applicable.
Self-starter with ability to work autonomously and willingness to learn and explore compliance and IT security.
Strong written and verbal communication; ability to interact with internal / external stakeholders, auditors and cross-functional teams.
Broad understanding of security technology, IT security standards and compliance.
Qualifications
Overall 8-10 years of IT industry experience, with at least 5 years in IT Security & Compliance.
Self-motivated, able to work independently and as part of a team.
Nice to have : domain knowledge in payments (PCI DSS, PCI PA-DSS), security standards, IT security and assurance, SIEM, and experience with IT operations / SOC tools.
Application questions
Which statement best describes your right to work in Malaysia?
What is your expected monthly basic salary?
How much notice are you required to give your current employer?
Compliance Manager • Kuala Lumpur, Malaysia