Job Summary
Implement and oversee Sparrow's IT security operations framework, including security operations role definitions, monitoring, incident and event management, privileged access management, and overall security architecture. Ensure compliance with industry standards and regulatory requirements.
Job Responsibilities
· Define and implement the IT security operations framework for the company, including security operations role definitions, monitoring, incident and event management, privileged access management, and overall security architecture
· Collaborate with IT management to implement appropriate segregation of duties in compliance with industry best practices
· Create and promote a strong security culture throughout the organization
· Define, implement, document, and conduct reviews on Sparrow's Information Security Policies and Procedures, Information Security Risk Management, and Change Management
· Ensure compliance with information security policies and procedures among employees, contractors, partners, and other third parties
· Work with business units, vendors, and IT application and infrastructure teams during the software development lifecycle to ensure adequate security controls are in place
· Apply risk management practices in an operational environment, including audit procedures/controls and systems hardening
· Perform information security risk assessments and serve as the internal auditor for information security processes
· Review all system-related information security plans throughout the organization's network
· Respond to security incidents, conduct investigations, and recommend appropriate follow-up actions
· Work closely with SOC and development teams to ensure end-to-end security implementation, audit, and MAS regulatory compliance
Skills & Qualifications
· Expert knowledge of Information Security Standards (ISO 17799/ISO 27002 & ISO 27001), Payment Card Industry Data Security Standard (PCI DSS), and MAS Technology Risk Management Guidelines (TRM)
· Bachelor's degree in Computer Science, Computer Engineering, or a relevant qualification
· Certifications in CISSP, CISA, CISM, ISACA, or equivalent
· At least 5 years of Information Technology experience, including 2 years in managing IT Security Operations
· Fluency in both English and Mandarin