Key Purpose:

The primary purpose of this role is to serve as a technical security specialist within the Information Security structure. This individual works closely with the Group Information Security Officer to perform operational functions across all related security capabilities.
Areas of responsibility may include but not limited to:

1. Develops and manages IT security for multiple IT functional areas (e.g., applications, systems, network and/or Web) across VG.
2. Develops and manages security services on Application and Web application
3. Performs based vulnerability scanning, virus management and intrusion detection.
4. Leads and responds to security incidents and investigations and targets reviews of suspect areas.
5. Provides strategic and tactical direction and consultation on information security and compliance.
6. Identifies and resolves root causes of security-related problems.
7. Possess strong / experienced application development and/or application security background; with solid knowledge of SDLC from design, testing, deployment to post production and the different risk elements associated with each step.
8. Consults on teams to resolve issues that are uncovered by various internal and third-party monitoring tools.
9. Communicates reporting results and analytical evaluation to information security management.
10. Maintains contact with vendors regarding security system updates and technical support of security products 11. Works on multiple projects as a team member or technical lead.
12. Monitors and analyses information security performance reports and escalates issues as needed.
13. Leads and reviews application security risk assessments for new or updated internal or third party applications.
14. Evaluates and recommends tools and solutions that provide security functions.
15. Determines security violations and inefficiencies by conducting periodic audits.
16. Maintains quality service by following organization standards.
17. Implements security improvements by assessing current situation, evaluating trends, anticipating requirements.

Education:

- Knowledge of information security governance frameworks and standards e.g. COBIT, ISO Series, NIST etc.
- Experience in a broad range of security technologies/products, standards and methodologies.
- Experience in the development of security plans, strategies, roadmaps, methodologies and frameworks.
- Information Security industry-standard certifications such as CRISC, CISA, CISM or CISSP would be advantageous

Experience:

10+ Years IT Experience
10+ Years’ experience in Information Security
5+ Years direct incident response, cyber security red team / pen tester experience

Knowledge:

- Cloud Security - IAM, NSG, ASG, ID Federation, VPN’s, IPSec Cloud Security
- Policies, controls, procedures and technologies WAF Implementations OWASP top 10 mitigation approaches
– Service based environments e.g. REST Mastery of Linux/Mac/Windows operating systems
- Network/Wireless Penetration Testing Ability to understand and modify code in a diverse range of programming languages and frameworks
- OO Programming concepts
- Proficiency in cryptographic protocols and cipher suites
- Thorough understanding of network protocols, data on the wire, and covert channels
- Source code reviews.
- Familiarity with penetration testing methodology and standards Deep understanding of Secure SDLC