Associate Director, Information Security Operations

About the Role

We are seeking an experienced senior manager to lead our information security team, combining strong hands-on technical expertise as well as people management experience in the information security domain. They will lead a team to manage. They will lead a team to manage Security Operations (SecOps), encompassing threat detection and response, incident management, vulnerability management, security monitoring, and continuous improvement of defensive capabilities.

WHAT YOU’LL BE DOING:

Infrastructure Security

• Manage end-to-end infrastructure security activities, such as vulnerability management, servers’ security monitoring & hardening, infrastructure as a code, etc.

• Design and/or review infrastructure security architecture proposal for various security-driven initiatives for on-premises and cloud environment.

Cloud Security

• Manage compliancy level of AIA SG cloud security assets based on ongoing regular scanning according to the defined threshold.

• Evaluate the security aspect of new cloud-based solutions proposed by application development team, infrastructure team, or business users.

• Manage various cloud security BAU activities, such as assets provisioning, deprovisioning, hardening, etc.

Identity and Access Management

• Supervise the AIA-SG IAM Manager and their team performing IAM Governance functions for the Business Unit.

Cyber Security & Security Incident Handling

• Work with Security Operation Centre (SOC) Team to ensure secure protection of AIA SG environment.

• Deploy new cyber security initiatives and roll out the platform together with SOC Team.

• Point of contact for security incident handling and investigation, starting from incident is identified, handled, and resolved.

Security Advisory

• Provide feasible security recommendations or guidance based on queries / changes initiated by application development team, infrastructure team, or business users.

• Facilitate challenging security conversations and provide acceptable solutions where IT standards are contradicting with business demands to achieve acceptable business solutions without sacrificing security and compliance aspects.

People Development

• Supervise 8 team members.

• Drive a continues Learning and Development program for the team members through inhouse and external training programs.

• Lead promotion of activities to increase information security within your teams to embed and continuously improve adherence to good practice.

WHAT WE ARE LOOKING FOR:

• University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems).

• Minimum 15 years of experiences of information security domain, especially in Application Security, Infrastructure Security and Cloud Security.

• Preferable to have security infrastructure operation background with hands-on experiences of designing and/or reviewing application security or infrastructure security.

• Hands-on information security experience in the Multiple Cloud Environment (SaaS, PaaS and IaaS) and Cyber Incident management.

• Certifications related to security architecture or Cloud Security is preferable, such as CCSP, Azure DevOps certification, Azure Solutions Architect certification, etc.

• Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CISA, CRISC, CCSP.

• Good knowledge of latest security technologies and cyber landscape in a highly regulated industry.

• Good interpersonal and communication skill.

• Strong leadership with a high integrity, proactive mindset, and strong ownership.

• Working experiences in insurance / banking / IT industry is preferred.

• Infrastructure Security: Windows, Linux, AS400.

• Security Advisory and Assessment, and incident management.