IT Security Officer
STACS is a fast-growing fintech company and we are looking for an IT Security Officer to change the world together with us.
The primary role of the IT Security Officer is to act with the utmost integrity in alignment with STACS’s Information Security Strategy and to achieve STACS’s information security objectives. The officer works with the various Committees of the Company (such as the ISMS Committee, Risk Committee & BCM Committee) on the following:
- Establishing, implementing and maintaining the Information Security Management System in compliance with the Information Security Policies governed under ISO Standards, SOC2 Type 2 and all relevant local regulations pertaining to IT Security compliance standards.
- Coordinating operational security activities for Hashstacs, managing the ISMS daily, conducting risk assessments, and in some cases carrying out timely remediation of internal/external audit points pertaining to all IT Security matters.
- Escalating any issues, as necessary, to the ISMS Manager and the respective Committees that govern IT and Operational Security matters.
- Administer and maintain the security of AWS, Atlassian, and Microsoft platforms, including user access management, security configurations, and vulnerability assessments.
- Conduct regular security assessments and audits to identify and mitigate potential risks and vulnerabilities.
- Collaborate with cross-functional teams to develop, update, and enforce IT security policies, procedures, and guidelines.
- Provide company-wide training on IT Security Awareness to promote a culture of security consciousness and best practices.
- Stay up to date with the latest industry trends, threats, and technologies to proactively identify potential security risks and recommend appropriate countermeasures.
- Manage vendor relationships, including selection, evaluation, and ongoing oversight to ensure compliance with security requirements.
- Perform proof-of-concept evaluations for new security technologies, solutions, or enhancements.
- Respond to security incidents, conduct investigations, and provide recommendations for incident response and remediation.
- Collaborate with internal and external stakeholders to develop and implement incident response plans and business continuity strategies.
- Maintain documentation of security processes, procedures, and controls to meet regulatory and compliance requirements.
- Participate in security-related projects, initiatives, and risk assessments as required.
- Graduate of a recognized university with a degree in Computer Science or IT Engineering subjects is preferred.
- Professional certifications such as CISSP, Security+, CEH, or similar are welcomed.
- Proven experience in administering AWS, Atlassian, and Microsoft platforms.
- In-depth knowledge of IT security principles, best practices, and standards.
- Ability to monitor surveillance systems and respond to emergency situations
- Excellent team-building and leadership skills
- Ability to pay close attention to detail
- Interest in protecting the people and assets within the organization or company
- Able to handle stress well, maintain a positive attitude, full of initiative and able to work independently with minimum supervision.
Technical Skillset Requirements
- 2-3 years’ working experience in IT Security operations
- Good knowledge of Industry Standards such as ISO 27001, PDPA, NIST, PCI-DSS, MTCS and TRM.
- Good command of English, both written and spoken.
- Able to work independently and take ownership; an out-of-the-box thinker with modern concepts and initiatives who likes to step out of the comfort zone with a can-do attitude.