- Kuala Lumpur Federal Territory Malaysia
Work location
Job description
Responsibilities
Job Role: Security Architect / Security Auditor
Employer: An international multi-utility company that is engaged in power generation, water and sewerage services, telecommunications, digital infrastructure (data centres), and infrastructure investment holding activities.
Location: Kuala Lumpur, Malaysia
Job Type: Permanent
Working Mode: On Site / Full Time
Experience: Minimum 2+ years of hands-on experience in system security architecture, cybersecurity governance, risk and compliance (GRC), IT infrastructure, and secure system design, with experience in threat modelling, security frameworks, and cloud/hybrid environments.
JOB DESCRIPTION
• Directly support the Lead System Security Architect and Security Compliance Lead.
• Develop, review and implement security architectures and frameworks for IT systems, networks & applications, and OT environments.
• Define and enforce security policies, procedures, and best practices.
• Prepare and/or evaluate security requirements proposed for project or tender submissions.
• Define and employ governance and risk management procedures and methodologies.
• Define security roadmaps based on business and enterprise priorities.
• Develop security surveillance strategies, frameworks, and procedures.
• Develop security assessment surveys and maturity measurement methods.
• Identify vulnerabilities and perform security risk assessments.
• Evaluate and recommend security tools and technologies.
• Coordinate and communicate GRC activities across the Group’s subsidiaries.
• Define and manage data gathering and reporting across the Group’s subsidiaries.
• Develop and maintain system security architecture and design standards / templates.
• Maintain records of system architectural patterns and secure engineering solutions.
• Work with the Cyber Security Architect to ensure all aspects of Cyber Security Operational capability are developing appropriately and to communicate threat intel across YTL subsidiaries as required.
• Work with the Security Compliance Lead to ensure all aspects of the GRC function are planned, implemented and applied effectively.
JOB REQUIREMENTS
• Knowledge of Threat Modelling techniques such as MITRE ATT&CK, PASTA, STRIDE and Attack Trees.
• Knowledge of Enterprise Architecture Frameworks such as TOGAF, DoDAF, Zachman / SABSA, Gartner EA, ArchiMate.
• Knowledge of Standards and Control Frameworks such as NIST 800-53 Rev.5, CIS Top 18, ISO27001/2, PCI-DSS & OWASP Top Ten.
• Detailed experience with hybrid and cloud architecture / system design and implementation.
• In-depth knowledge of zero trust principles, network security, cloud security, cryptography, and secure software development.
• Practical experience in NIST CSF and CIS Controls assessment and implementation.
• Demonstrable experience delivering detailed system security design and threat modelling.
• Excellent written and verbal communication skills.
• At least 2 years' work experience as a System Security Architect.
• Previous work experience in IT architecture and infrastructure.