Lead Consultant, Application

Responsibilities:

• Develop and maintain client’s IT Security Management and Cyber Security Plan focus on Applications Systems and IT Infrastructure
• Harmonise obsolescence management efforts across Applications Systems
• Perform risk review and assessment for potential security vulnerabilities from identified activity and obsolete systems for Applications Systems and IT Infrastructure 
• Conduct regular penetration testing and Static Application Security Tests
• Assess, evaluate,  recommend and advice the mitigating measures to address potential security vulnerabilities
• Schedule security scan for identified systems according to policies, and verify all vulnerability rectifications are satisfactorily rectified
• Schedule mandate annual security self-attestation and independent review for Application Systems and IT Infrastructure and to submit the independent audit / review report to client
• Conduct annual mandate hardening for Application System and IT Infrastructure to ensure compliance to the client policies and directives
• Conduct Security Review on System Access and administration patterns weekly, and report unusual or suspicious activities, if any, to client and HQ Governance Management
• Track, mitigate and deploy patch security vulnerabilities accordingly to the stipulated timeline.
• Maintain oversight and submit reports on monthly basis
• Escalate and/or seek Authority’s acceptance and approval of assessed risks
• Conduct IT Security Management briefings and workshops
• Explore and propose continual improvement to the security workflow and processes to client

The ideal candidate should possess:

• Diploma / Degree in Computer Sciences, Engineering and any Sciences disciplines
• Certified Ethical Hacker (CEH) Certification
• Certified Information Systems Security Professional (CISSP)
• Hands-on experience Splunk, Tenable, BeyondTrust, HP Fortify Static Code Analyzer and Fireeye, WebInspect, BurpSuite and Tools projects in OWASP