Information Security Manager - DevSecOps
Job Title: Information Security Manager - DevSecOps
Contract Type: Permanent
Industry: Technology
Reference: 44973_1604970439
Contact Name: Andrey Sin
Job Description:
- Support the Dev teams in implementing the Secure Software Development Life Cycle (SSDLC) program; regularly report progress and issues.
- Define and develop a structured approach that identifies, quantifies, and addresses application security risks through industry best practices.
- Advise on implementation and selection criteria of security components, tools and processes for improving DevSecOps frameworks.
- Supervise penetration testing, vulnerability management and bug bounty program activities for applications. Address security vulnerabilities and coordinate relevant stakeholders for mitigation actions.
- Support Dev teams on High Level Design review of solutions following secure by design principles. Deliver a secure code training program to the Dev team.
- Support Dev teams in addressing possible findings and gaps arising from the ISF assessment. Identify potential threats to Web Applications, such as structural vulnerabilities, that can be identified, enumerated, and prioritized, all from a hypothetical attacker's point of view (threat modelling).
- Support in defining security requirements for Dev teams on the basis of high-level requirements coming from the CISO.
- Provide support to the Asia development team on cybersecurity topics.
- Support SecOps team on developing SOC use cases and alerts.
- Support Dev teams in cyber security incident response process.
- Continuous DevSecOps improvement by planning and executing security projects.
The Successful Candidate:
- Minimum of 7 years of hands-on experience in Application Security, security architecture and DevOps, with at least 2 years managing or leading a team.
- Strong expertise with the Open Source Security Testing Methodology Manual (OSSTMM), Open Web Application Security Project (OWASP), and National Institute of Standards and Technology (NIST) Special Publications.
- Technical knowledge of relevant security tools and processes such as penetration testing and vulnerability management.
- Fluent English communicator, with the ability to lead through influence and communicate effectively with stakeholders on risk mitigation and implementing security controls.
- Strong understanding of Application Design including web, mobile and backend platforms, DevOps, APIs (JSON/REST/SOAP), Database, Cloud Security, Infra as Code (IaC), TCP/IP, system and network fundamentals.
- Strong problem solving and project execution skills. Ability to handle changing priorities and drive difficult decisions.
- Extensive knowledge of information and technology security management (ITSM) technologies, methods, standards, and processes as well as knowledge of compliance, legal, internal / external audit & regulatory requirements.
- Knowledge of common information security management frameworks, including but not limited to: ISF, ISO 27000, ITIL, COBIT and NIST is desired.
- Professional security management certification, such as CISSP, CISM or CEH, is desired.
- Professional certification in Penetration Testing, such as OSCP/E, GWAPT, GPEN or GXPN, or other similar credentials, will be an added advantage.
Click "Apply Now" to apply for this position or call Andrey Sin at +852 3180 4951 for a confidential discussion. All information collected will be kept in strict confidence and will be used for recruitment purposes only.
Job has Expired