POSITION SUMMARY:

The Data Risk Analyst (Operations) will responsible to oversee cloud/on-premise infrastructure security and relevant operation and implement security controls align with industry-standards.

PRIMARY RESPONSIBILITIES:

• Assist in strategic information security planning based on industry-standard best practices to achieve business goals by prioritizing defence initiatives and coordinating the evaluation, deployment, and management of current and future information security technologies
• Administer cybersecurity tools, such as DLP, Web Security Gateway, MDM, VPN, Vulnerability Management, Server Policy Compliance Management, PIM, IAM and MFA
• Participate in evaluating, planning, and implementing of new cybersecurity technologies and systems
• Creates, identifies and enhances processes that may leverage new or existing technologies to improve protection or reduce risk
• Responsible for managing DLP policy and enhancement
• Triage of information security incidents
• Perform malware analysis and reverse engineering
• Assist in identifying data leakages such as Personally Identifiable Information (PII), confidential, or restricted communications
• Performs periodic and on-demand system audits and vulnerability assessments
• Monitor and analyze logs / alerts from SIEM and variety of cybersecurity tools, such as NIPS, Anti-Virus, APT in order to enhance security postures
• Monitor cloud and local environment on an ongoing basis to ensure that it remains secure and compliant with external regulations
• Review firewall change requests and assess organizational risk
• Prepares incident reports of analysis methodology, root cause, and improvement plan
• Develops, implements, and maintains a corporate-wide risk management and employee training / awareness program
• Participate in developing, implementing and assessing data security procedures and controls to ensure compliance with applicable regulatory and legal requirements, such as DICJ, SOX, and ISO27001
• Participate in maintaining information security and risk management policies, procedures and technical standards to support corporate objectives
• Participate in internal audit and prepare risk assessment reports associated with IT infrastructure, system accesses, and potential threats/risks etc.,
• Performs periodic risk assessments of existing application and infrastructure functionality

QUALIFICATIONS:

• 3+ years’ relevant experience in information security. Candidate with more experience will be considered for more senior position
• 2+ years’ experience with installation, configuration, and administration of Forcepoint DLP System
• Experience with other security tools, such as, Forcepoint WSG, CyberArk PIM, ArcSight SIEM, RSA MFA, FireEye APT, QualysGuard, Symantec SEP
• Experience with multiple operating systems security: Windows 2008/2012/2016, Windows 7/8/10, MacOS, Unix, and Linux.
• Solid understanding of network design, architecture, OSI model and TCP/IP
• NOC/SOC experience preferred
• Knowledgeable of exploitation methods, attacks and tools used by skilled hackers
• Experience with interpreting requirements and implementing policies
• Experience with incident handling and threat intelligence in a large enterprise
• Exposure to Cloud computing
• Knowledge of industry standard scoring models such as CVSS, CCSS
• Knowledge of vulnerability attack methods
• Security Strategic Planning and Risk Management
• Knowledge of Web and application based security
• Knowledge of encryption, such as PKI, Kerberos, SSL

Education

• Bachelor’s Degree in Computer Science or other related scientific or technical discipline
• CISSP, or security-related certifications is preferred

Skills / Competencies

• Ability to keep pace with a fast pace and growing company
• Displays the highest level of integrity
• Ability to maintain discretion
• Goal oriented and ability to meet deadlines
• Strong analytical skills/problem solving/conceptual thinking
• Ability to think strategically and execute against a strategic plan
• Must be able to identify, analyze and address problems to resolve issues whenever possible in way that minimizes negative impact and risk to the organization

  Effective organizational and time management skills required

PERSONAL COMPETENCIES:

• Displays a high commitment to delivering results
• Leads others to achieve business objectives
• Achieves agreed objectives and accepts accountability for results
• Displays the highest level of integrity
• Ability to maintain discretion
• Approachable
• Motivated and willing to learn
• Excellent written and verbal communication
• Highly motivated self-starter with ability to multitask and complete assignments within time constraints and deadlines. Individual with desire to learn and teach others, high energy, positive attitude
• Ability to work independently and efficiently