Sr. Officer-Application Security Platform

Date: Apr 15, 2024

Sr. Officer-Application Security Platform

Location: ID Level: Employment Status: Permanent Department: Group IT Corporate Security Description:

• Create and implement security guidelines and security standard pertaining to the security of applications, system, security tools and solution related with Application Security. Managing day to day all application security platform (i.e. antivirus, data loss prevention, VPN etc) into all IT, Telco and Cloud domain.
• Oversee the creation, execution, and maintenance of a robust platform dedicated to application security. This pivotal role ensures the safety of the organizations applications from cyber threats, safeguards sensitive data confidentiality and integrity, and upholds a strong defense against evolving security challenges.
• Building a strong defense against cyber threats and ensuring the protection of the organizations applications and sensitive data. By implementing a robust security platform, identifying vulnerabilities, promoting security awareness, and fostering collaboration, the manager plays a vital role in maintaining a secure and resilient environment.

Requirements: Qualification:

• Minimum bachelor’s degree in relevant field (Information Technology/ Electrical Engineering/Telecommunication Engineering, Computer Science, Communications, Information Security, Business, Technical) with minimum 8 years experience.
• Security or enterprise architecture certificates such as CISSP, CISM, GIAC, CISA, CEH, and ISO 27001 Lead Implementor/Lead Auditor, etc.
• Knowledge in Application Security. Have in-depth understanding related with application security concepts, principles, and best practices i.e. Anti Virus, Anti Malware, EDR, Network Access Control, Data Loss Prevention, Security Patching and Hardening, VPN, SSL etc.
• Familiarity with common vulnerabilities and exposure to secure coding is preferrable.
• Proficiency in security protocols, cryptography, authentication, authorization, security vulnerabilities, and remediation techniques. Familiarity with programming languages and frameworks is a plus.
• Proficient in: LINUX, Windows Servers, Unix.
• Knowledge: User Access Matrix and User Application Matrix
• Knowledge in SSO and MFA for Authentication Access ID
• Ability to analyze and identify actions to be taken.
• Honesty and high-integrity character
• Working well under pressure
• Good communication and influence skill
• Strong understanding of all Information Security Domains
• Sound understanding of businesses supported and security principles and policies
• Knowledge of network, system, and application monitoring technologies

Related Experience:

• Demonstrated experience in developing, implementing, and maintaining security policies, procedures, and guidelines.
• Having knowledge about security frameworks and standards like ISO 27001, NIST Cybersecurity Framework, and OWASP (Open Web Application Security Project) can be advantageous.
• Experience in developing and implementing vulnerability management programs, including vulnerability assessment and remediation.
• Incident Response Experience. Practical experience in developing and executing incident response plans, including forensic analysis and post-incident reporting.
• Leadership and Communication Skills. Strong leadership and communication skills to effectively manage a team, collaborate with other departments, and convey complex security concepts to non-technical stakeholders.
• Regulatory Compliance Knowledge: Awareness and understanding of relevant data protection laws, regulations, and industry compliance standards.

Skills:

• Information System Management
• Operational Management
• Enterprise Risk Management
• Software Engineering
• IT Security Management
• Telco Knowledge
• Strong verbal and written communication skills (fluency in English is required)
• Strong interpersonal and communication skills with a proven ability to collaborate with cross-functional teams, including IT, Security, Compliance, and Legal.
• Strong analytical skills to identify security risks, assess their potential impact, and devise effective solutions.
• Previous roles involved risk assessment, vulnerability management, and implementation of proactive security measures to mitigate identified risks.
• Good communication skill both writing and verbally to be able to work together with all employees in the company.
• Ability to convey message in clear, concise and simple way to various employees in the company.
• Ability to deliver and develop presentation in front of different audience and answering their questions.
• Have integrity, confidentiality and independence.
• Collaboration and Teamwork: Ability to collaborate with cross-functional teams, especially with development and IT teams, to integrate security into the software development life cycle.
• Project Management: Project management skills to plan, execute, and monitor security initiatives effectively.