ITCISO10 - Team Leader Security Service & Development
We are looking for a qualified Team Leader Security Service & Development for the Information Security Organisation.
Job Description:
- Create security control parameters for software and applications and ensure they are included in the solution design document in SDLC
- Lead the technology risk assessment and security testing team and ensure security risks and vulnerabilities are identified, tracked and remediated in accordance with the bank’s risk assessment methodology
- Subject matter expertise in banking technology standards & regulations (e.g., COSO, COBIT, UU - ITE, PBI, POJK)
- Deep understanding of Banking Technology, IT Security & Governance, IT Infrastructure (e.g., networking, server, operating system & database)
- Familiar with Secure System Development Life Cycle (SDLC) and Agile Methodology
- Full-stack knowledge of common security threats and vulnerabilities
- Possess good analytical and problem-solving skills
- Have a good ability to develop technical documentation
- Very good communication and interpersonal skills
- Excellent written and verbal English
- Team player with leadership capability
- Hold a Bachelor's degree from a reputable university with an educational background in Computer Science / Information Technology, Science & Technology, Business Studies / Management or equivalent
- 5+ years of relevant experience in Information Security in the Financial / Banking industry
- Expert knowledge of IT security technology (e.g., firewall, IPS, key management, antivirus, patch management, end point protection)
- Advanced knowledge of organization, technology controls, security and risk issues.
- Ability to participate in complex, comprehensive or large projects and initiatives.
- Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors.
- Information Security Certification / Accreditation, preferably CISSP / CISM / CISA / CEH / EnCE
- Strong working knowledge of industry frameworks (e.g., ISO 27002, NIST Cyber Security Framework, OWASP)
- Minimum S1 with relevant background