Information Security Consultant (GRC)

Implement information / IT security engagements for clients both as a team member as well as team lead.

Provide delivery expertise on information security projects. This could be on technical or process aspects (such as Information Security Management Systems (ISMS) or ISO 27001, Business Continuity Management / IT Disaster Recovery Management or ISO 22301/ ISO 27301, Data Loss Prevention (DLP), Identity and Access Management (IAM), cloud security, cyber security design, tools and solutions, security strategy and security project management).

Provide advice in the identification, assessment, mitigation and management of information security risks and issues across the information security spectrum.

Identify best practices for Information Security into technically feasible and user friendly deliverables and communicate to clients and their Information Security staff.

Help in conduct of training on information security solutions when required.

Gain understanding of key customer issues and help create proposals as required.

Build own knowledge and competency in cyber security and gain alignment and understanding of at least one industry.

Lead and manage teams when required, prioritize responsibilities and tasks to deliver quality and timely results and coach & motivate subordinates working as part of the team.

At least three years of working experience in Information Security or IT security and IT systems and / or industry knowledge is preferred.

Familiarity and experience in security standards and regulatory frameworks (e.g. ISO/IEC 27001, ITIL, BNM RMiT, MAS TRM Guidelines, PCI-DSS, etc.)

Experience in delivering a security engagement such as projects in ISMS / BCP / IT DR / DLP is preferred.

Experience in a particular industry is preferred such as telecom, financial services, government etc.

Degree in any discipline and/or MBA from a recognised institution; IT Degree preferred.

Must have at least one of the following security certifications CISSP, CCSP, SSCP, GSLC, GISP, CISM,

CRISC, CGEIT, CISA, ISO 27001 Lead Auditor, etc.

Any additional security related certifications are a plus e.g. CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CISA, CCSK, CEH, CCNA, ISO 27001 Lead Auditor, etc.

Related certifications are a plus e.g. CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CISA, CCSK, CEH, CCNA, ISO 27001 Lead Auditor, etc.

Good overall understanding of the information security roles and activities.

Good understanding of at least one information security & regulatory standards/ frameworks; e.g. ISO/IEC

27001, COBIT, PCI-DSS, NIST Cyber Security Framework, BNM RMiT, MAS TRM Guidelines, etc.

Good technical knowledge on at least two of the following areas:

• - Data Security, Privacy, Classification and Data Loss Protection.
  

• - IT Disaster Recovery Planning and Business Continuity Management.
  

• - Network security architecture, management and controls including firewall, routers, IPS etc.
  

• - Threat Intelligence & Advanced Persistent Threats (APT).
  

• - Security Strategy and Roadmaps.
  

• - Security Policy, Standard and Framework.
  

• - Information Security Management Systems.
  

• - Log Management and SIEM.
  

• - Identity and access management solutions and implementation.
  

• - Cloud security.
  

• - Governance, Risk and Compliance (GRC).