Technology Information Security Officer (TISO)
ABOUT THE COMPANY
A leading organisation in the Healthcare Technology sector, transforming healthcare through smart technology and latest innovations. The company who value talents, who promotes talents achieving career progression.
Role and Responsibilities of TISO
- Provide guidance to the Product Group in ensuring that projects/ systems comply with security policies and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the product lifecycle.
- Perform adequate risk management, including identification, assessment and provide treatment of security risks associated with systems handled by the Product Group. Risk assessment has to be performed in accordance with the organisation's cybersecurity risk management framework.
- Provide guidance to the Product Group related to vulnerability assessments, source code review and penetration tests so that remediation actions can be undertaken by Product Group within the agreed timelines.
- Provide security consulting and advisory to the Product Group/ESC Group/Infrastructure Services Group.
- Review RFP proposal compliance with RFP security requirements.
- Review architecture design developed by Solution Architect and Security Architect
- Perform cybersecurity assurance activities across the different stages of SDLC.
- Evaluate risks related to third-party vendor and products and identify mitigating measures.
- Perform independent assessments of the technical security controls implemented within the system to determine the overall effectiveness of the controls.
- Participate as active member in review panel of Solution Review Board (SRB).
Requirements / Qualifications
- Degree in Computer Science, Information Systems, Engineering or equivalent.
- At least 10 years of IT security experience in areas of security governance, risk management, application security design, security project management or security operation.
- Strong risk management and risk articulation skills.
- Professional security certification is preferable, such as CISSP, CISM, CISA or other similar security certifications.
- Self-motivated with the ability to work independently and as a team member with minimal direction
- Strong interpersonal and stakeholder management skills.
- Good written and communication skills.
MORGAN MCKINLEY PTE LTD
EA Licence No: 11C5502
Registration No: R1876903
Registration Name: Shalu Surana