Job scopes:

• Lead, manage, and develop the SecOps team to become a High-Performance team with low attrition.
• Ensure SecOps team adopt, enforce, and comply with the Security Incident Response Framework ("SIRF").
• Update and maintain the SIRF document.
• Managed identity fraud detection services.
• SecOps team collaborate and adhere to the instructions from the client's Security Incident Response Manager ("SIRM"), Security Incident Response Officer ("SIRO"), Chief Information Security Officer ("CISO") and security personnel when responding and resolving security incidents involving client software & infrastructure services or related services.
• SecOps team shall regularly review and enforce the controls, policies, and processes to ensure every client software & infrastructure service perform its rotation of certificates, secrets, and keys. The SecOps team shall document its review and provide such documented reports for review with the client.
• Ensure the SecOps team adopt, enforce, and comply with the client Security Incident Response Framework ("SIRF"). Update and maintain the client SIRF document.
• SecOps team shall collaborate and adhere to the instructions from the client's Security Incident.
• Actively monitor and perform analysis of security alerts and logs of client software & infrastructure.
• Review and provide statistical security reports for the construction and enhancement of new and/or existing policies and rules to secure client software & infrastructure services during operations.
• Analyse, propose and configure new security detection rules and policies in response to emerging or ongoing threats, exploits and vulnerabilities.

Job requirement

• Bachelor's degree in Computer science or any related field
• Minimum of seven (7) years' work experience in IT security field involving enterprise systems and network infrastructure.
• Valid and current professional information security certifications (CISSP and CISM).
• Good interpersonal, presentation, written and communication skills.
• ICT security management and governance, ICT security risk assessment and management, Vulnerability assessments, ICT security audit, penetration testing and other ICT security tests.
• International standards and best practices for IT security such as those published by ISO/IEC, NIST, Center for Internet Security (CIS), etc.
• Privileged Access Management ("PAM") software.
• Endpoint Protection and Detection Platform ("EPP/EDR") for endpoint devices.
• Commonly used Network security prevention and segmentation tools such as Next Generation Firewall ("NGFW"), Intrusion Prevention System ("IPS"), Web Application Firewalls ("WAF").
• VMS and container security for infrastructure and application services such as vulnerability scanning tools and container run-time protection tools.
• Network segmentation tools Virtual Private Cloud ("VPC"), Proxy, Gateways, Security Groups, NACL etc.
• Security monitoring tools such as AWS Guard Duty, AWS Security Hub, SIEM, DAM solutions and tools.
• Crypto modules, secrets, and key management services such as managed or self-host Hardware Security Module ("HSM"), data and storage encryption.

Cristina Malabuyoc Malijan EA License No. 02C3423 Personnel Registration No. R1111547

Please note that your response to this advertisement and communications with us pursuant to this advertisement will constitute informed consent to the collection, use and/or disclosure of personal data by ManpowerGroup Singapore for the purpose of carrying out its business, in compliance with the relevant provisions of the Personal Data Protection Act 2012. To learn more about ManpowerGroup's Global Privacy Policy, please visit https://www.manpower.com.sg/privacy-policy