IT Security Officer

The primary role of the IT Security Officer is to ensure that IT acts in the best integrity to align to STACS Information Security Strategy and achieves Hashstacs’s information security objectives. It works with the ISMS Manager and various Committees of the Company (such as ISMS Committee, Risk Committee & BCM Committee) to undertake these aspects:

  • Establishing, implementing and maintaining the Information Security Management System in compliance with the Information Security Policies governed under ISO Standards, SOC2 Type 2 and all relevant local regulations pertaining to IT Security compliance standards
  • Coordinating operational security activities for STACS’s, managing the ISMS daily and conducting risk assessments, and in some cases timely remediations of internal/external audits points pertaining to all IT Security matters
  • Escalating any issues, as necessary, to the ISMS Manager and respective Committees that govern after IT and Operational Security matters
Your Core Responsibilities
  • Train staff on understanding the Company’s IT Security policies, processes and procedures and act as the Company’s gateway to ensure such IT Security policies and processes are adhered to. Make sure that staff follow security procedures and guidelines through training programs and assessments
  • Work with the Tech Department to undertake all the remediation points of all Standard Adoptions programmes of the Company in a timely manner and ensure continuous monitoring of compliance with such ISO, SOC2, MAS TRM attestation requirements
  • Identify and protect company assets through the development and implementation of security protocols
  • Ensure the safety of staff and customers within the workplace
  • Perform security process evaluations and inspections jointly with the Tech Department whenever necessary
  • Prepare the organization and staff for external inspections
  • Undertake documentation works of all policies, charters as well as maintain logs, registers as assigned by Supervisors from time to time in relation to IT Security or IT related matters
  • Participate in all ISMS Matters as assigned by the ISMS Manager/ISMS Committee. Implement the ISMS policies, processes, procedures, and controls; including performing Risk assessment and risk treatment and tracking in the action register. Ensure effective and ineffective measures are identified, and working solutions are implemented
  • Graduate from a recognized University with a degree in Computer Science, IT Engineering subjects is preferred
  • Previous experience working as a security manager, security officer or other security-related job
  • Working knowledge of any required computer programs and security technology
  • Strong communication, documentation and organizational skills. Able to document well in English in a must
  • Ability to monitor surveillance systems and respond to emergency situations
  • Excellent team-building and leadership skills
  • Ability to pay close attention to detail
  • Interest in protecting the people and assets within the organization or company
  • Able to handle stress well, maintain a positive attitude, full of initiative and able to work independently with minimum supervision
Technical Skillset Requirements
  • Diploma, Degree or Cyber Security related qualifications
  • IT Security related certification is an advantage, but not a must
  • 2- 3 years’ working experiences in IT Security operations
  • Knowledge of the following is a plus: Blockchain knowledge; Cloud Infrastructure and Security, DevSecOps, SOC Monitoring, Endpoint/Mobile Security, DLP
  • IT Security Consulting/Audit, Vendor Due Diligence, BCP, IT DRP
  • Vulnerability Assessment and Penetration Testing
  • Good knowledge of Industry Standards such as ISO 27001, PDPA, NIST, PCI-DSS, MTCS and TRM
  • Good command of English, both written and spoken
  • Experiences in audit work with certification bodies pertaining to ISO Standards, MAS TRM or SOC 2 Type 2 reporting attestation work is a plus
  • Able to work independently & take ownership, an out-of-the box thinker with modern concepts and initiatives who likes to come out of the comfort zone with a can-do attitude