IT Security Analyst

Key responsibilities

• Oversee cyber governance and risk management.
• Create, manage, and enforce the security policy framework and relevant standards.
• Ensure security governance and compliance with industry and regulatory standards (e.g., ISO27001, NIST, MAS TRMG, MAS Outsourcing guideline, MAS Cyber hygiene).
• Coordinate penetration testing to meet local regulatory requirements and report significant security risks to relevant forums.
• Track the remediation status of identified vulnerabilities.
• Identify and evaluate cyber risks, recommend, and implement cybersecurity solutions and initiatives.
• Maintain user cyber awareness and provide advice on emerging security threats and vulnerabilities.
• Organize security awareness training programs for staff.
• Serve as the primary contact for inquiries from senior management and regulatory bodies, including internal and external audit exams.
• Ensure all audit findings are addressed and independently verified within agreed timelines.
• Conduct annual disaster recovery exercises with internal and external parties.
• Regularly assess existing infrastructure, systems, and applications for compliance and vulnerabilities.
• Develop and implement identity and access management policies and procedures.
• Monitor and audit user access activities for compliance and security.
• Manage user access rights and permissions across systems and applications.
• Monitor security alerts and incidents, investigate, and respond to security breaches.
• Manage security incidents according to established protocols, maintain security incident response plans and playbooks.
• Develop, maintain, and manage the Business Continuity Program, coordinating efforts across all department operations into a single plan, ensuring compliance with regulatory requirements, industry standards, and Risk Management requirements.
• Conduct thorough due diligence on all third parties to ensure compliance with MAS outsourcing guidelines and operational risk management guidelines.