IT Corporate
Infrastructure Support Analyst Contract
|
PBS |
Skillset |
|
Application Security |
|
Incident Detection and Response
- Monitor and analyse security events and alerts to identify potential security incidents.
- Investigate and assess the nature and severity of security incidents.
- Develop and implement incident response procedures to mitigate risks and minimize impact.
- Work with relevant team members to ensure timely and effective incident resolution.
Vulnerability Management
- Review regular vulnerability assessments and penetration testing results.
- Identify and prioritize vulnerabilities based on their severity and potential impact.
- Work with system administrators and developers to address vulnerabilities.
- Implement and maintain vulnerability management tools and processes.
Security Monitoring and Analysis
- Monitor security logs and systems for potential security breaches.
- Analyse network traffic and system logs to identify suspicious activities.
- Provide real-time monitoring and analysis of security events.
- Provide information or summary of the reports on security incidents, trends, and vulnerabilities.
Security Policies and Procedures
- Review and ensure systems and processes are align and comply with updated security policies (IM8), standards, and procedures.
- Ensure compliance with industry best practices.
- Provide guidance and support to team members regarding security policies and procedures.
Security Tools and Technologies
- Implement and manage security tools and technologies.
- Administer security systems such as *firewalls, *intrusion detection systems, and antivirus software.
- Conduct research on emerging security technologies and recommend improvements.
- Maintain up-to-date knowledge of security threats and countermeasures.
Risk Management
- Perform risk assessments to identify potential security risks and vulnerabilities.
- Develop risk mitigation strategies and controls.
- Monitor and report on the effectiveness of risk management activities.
- Work with stakeholders to address and resolve security-related risks.
Security Incident Reporting and Documentation
- Document security incidents with their root causes and remediation actions.
- Prepare incident reports for management and stakeholders.
- Maintain accurate and comprehensive records of security incidents.
Collaboration and Communication
- Work with cross-functional teams to address security-related issues.
- Communicate effectively with technical and non-technical stakeholders.
- Provide guidance and support to IT teams on security-related matters.
- Participate in security incident response drills and exercises.
|
pecifications |
Requirement |
Remarks/ Comments |
|
The candidate shall have the followings requirements: |
|
|
|
(a) At least 5 years of Information Security working experience in a complex IT |
Mandatory |
|
|
|
|
|
|
(b) At least 5 years of working experience in Security Administration of one or more of the following systems: |
|
|
|
i) Active Directory |
Mandatory |
|
|
ii) Privileged ID Management tools |
Mandatory |
|
|
iii) Identity Governance & Administration tools |
Mandatory |
|
|
iv) Windows |
Mandatory |
|
|
v) Unix |
Mandatory |
|
|
vi) Linux |
Mandatory |
|
|
vii) MSSQL |
Mandatory |
|
|
viii) Oracle |
Mandatory |
|
|
ix) Mainframe |
Mandatory |
|
|
x) AS400 |
Mandatory |
|
|
xi) Teradata |
Mandatory |
|
|
|
|
|
|
(c) Certification in CISSP, CRISC, CISM. |
Preferred |
|
|
|
|
|
|
(d) Good Project Management experience and skills. |
Preferred |
|
|
|
|
|
|
(e) Must be self-motivated, independent without much supervision, meticulous, systematic, dedicated, committed and result-oriented team player with strong initiative, and possess good inter-personal, communication, analytical and presentation skills. |
Mandatory |
|
|
|
|
|
|
(f) The candidate shall be required to perform some or all of the following duties according to the area he/she is assigned to support: |
|
|
|
i) Perform ID and Access control provisioning in one or more of the following systems: |
|
|
|
– Active Directory |
Mandatory |
|
|
– Privileged ID Management tools |
Mandatory |
|
|
– Identity Governance & Administration tools |
Mandatory |
|
|
– Windows |
Mandatory |
|
|
– Unix |
Mandatory |
|
|
– Linux |
Mandatory |
|
|
– MSSQL |
Mandatory |
|
|
– Oracle |
Mandatory |
|
|
– Mainframe |
Mandatory |
|
|
– AS400 |
Mandatory |
|
|
– Teradata |
Mandatory |
|
|
ii) Review and develop process for ID and Access control administration. |
Mandatory |
|
|
iii) Review IDs, Accesses and Security Settings to comply with polices and standards. |
Mandatory |
|
|
iv) Develop and maintain Baseline Security Standards (BSS) for Privileged ID Management (PIM), Identity Governance & Administration (IGA), Mainframe & Database Computer (DBC) and AS400. |
Mandatory |
|
|
v) Conduct BSS compliance checks periodically for PIM, IGA, Mainframe & DBC and AS400. |
Mandatory |
|
|
vi) Provide governance on the service provided by the Service Providers. |
Mandatory |
|
|
vii) Manage the escalation processes and perform service recovery for incidents that directly impact services or users. |
Mandatory |
|
|
viii) Conduct internal security reviews. |
Mandatory |
|
|
ix) Assist in the extraction of artefacts for auditors. |
Mandatory |
|
|
x) Support periodic fixes/patches and upgrades. |
Mandatory |
|
|
xi) Assist in the planning, review and testing of the IT Business Continuity Plan. |
Mandatory |
|
|
xii) Ensure strict adherence to the Board’s internal processes, procedures and policies for quality output as well as sound security controls. |
Mandatory |
|
|
|
|
|
|
g) The candidate shall quote his/her previous work experiences in performing some or all of the duties described in paragraph (f) in his/her resume. |