Technology Information Security Officer
ABOUT THE COMPANY
A leading organisation in the Healthcare Technology sector, transforming healthcare through smart technology and the latest innovations. The company values talent and supports talented staff in achieving career progression.
ABOUT THE JOB
In this role, you will lead Information Security for a Product Group and report to the Product Group Head. You are responsible for ensuring that cybersecurity is properly implemented in the product development life cycle of all initiatives, by designing and building security into every phase of the development cycle, to minimise system vulnerabilities and reduce the attack surface.
Roles and Responsibilities
- Provide security consulting for the Product Group initiatives to ensure that security risks are identified, communicated to relevant stakeholders, and mitigated to acceptable levels, and to ensure alignment with products' security requirements.
- Ensure that cybersecurity controls are considered during product design, identify the appropriate solutions and measures, and ensure they are implemented in each phase of the development lifecycle.
- Ensure that the Product Group's projects/systems are compliant with information security policies and the relevant legal and regulatory frameworks throughout the product lifecycle.
- Track and monitor deviations from information security policies and standards, and identify mitigating controls to reduce risks in products.
- Provide oversight of product-related cybersecurity risks. Ensure that the Product Group performs risk assessments in accordance with the established cybersecurity risk management framework.
- Evaluate risks of third-party vendor products and provide solutions and measures to ensure compliance with the established information security policies.
- Provide security oversight on third-party vendors for outsourced product development and/or maintenance.
- Implement security-related processes and procedures, including secure-by-design methodology, application secure coding practices, patch management processes, identity and access management processes, etc.
- Implement appropriate tools, such as application security testing and code scanning tools, to assist software developers in the Product Group in securing web, mobile and enterprise applications.
- Support investigations into cybersecurity incidents, including root cause analysis and post-incident review.
How to Succeed
- Degree in Computer Science, Information Systems, Engineering or equivalent.
- At least 10 years of IT security experience in application security design, security consulting for large-scale system development projects, and/or IT security compliance and assurance.
- Familiar with common SDLC models (such as waterfall and agile), security-by-design concepts and implementation, and common information security management frameworks, such as ISO/IEC 27001 and the NIST Cybersecurity Framework.
- Experience in software assurance practices such as SAFECode and/or SAMM.
- Professional security certification is desirable, such as CISSP, CISM, CISA or other similar credentials.
- Self-motivated with strong interpersonal and stakeholder management skills.
- Analytical, an effective communicator, and able to work independently.
MORGAN MCKINLEY PTE LTD
EA Licence No: 11C5502
Registration No: R1876903
Registration Name: Shalu Surana