- Should possess a BSc Degree in IT/Information security/Telecommunication from a recognized university/institute
- Minimum 2 years of experience in the fields of Information security or Telecommunication
- Information security-related certifications and product-specific certifications will be an added advantage
- Operationalize security frameworks and standards such as NIST CSF and ISO 27001 within the Group Technology portfolio; prepare progress reports and issue/risk lists, and present them to the Group Risk & Compliance division and management so that appropriate actions can be taken
- Facilitate internal and external security audits, prepare plans and take the necessary actions to implement improvement requirements.
- Assist in preparing security-related policies, procedures and processes within the Group Technology portfolio in coordination with the Group Risk & Compliance division
- Responsible for operationalizing security processes/procedures published by the Axiata corporate office, the Group Risk & Compliance division and Group IT
- Responsible for planning and performing tool-based vulnerability assessment scans for all assets within the Group Technology portfolio and identifying security vulnerabilities in a timely manner
- Assess vulnerabilities in signaling protocols such as SS7, Diameter, GTP and SIP, and in the user plane/data plane of the telco network, the network management & monitoring layer and the services layer of all telco network domains, by means of security assessments/penetration testing
- Responsible for identifying remediation and protective measures for identified vulnerabilities and weaknesses, and for implementing them with the support of system owners. Follow up, track progress and resolve issues with internal teams and system vendors with regard to vulnerability remediation.
- Report progress, issues, risks and improvements of the vulnerability assessment and remediation process to management, Axiata and the Group Risk & Compliance division
- Responsible for identifying and assessing security risks in different domains and layers of the telco network, reporting them in a timely manner to management, the Group Risk & Compliance team and Axiata, and ensuring proper risk mitigation measures/plans/actions are in place
- Assess the security hardening level/compliance of systems/nodes in Group Tech against security hardening benchmarks such as Minimum Baseline security standards, and close the gaps in security hardening by implementing the required controls/measures with the support of system owner divisions and system vendors.
- Provide 2nd level support for troubleshooting, root cause analysis and resolution of security issues/incidents in the Group Technology portfolio
- Provide inputs to RFPs and product evaluations, and recommendations on the implementation of products and services for systems and network security.
- Carry out security-related projects and product deployments with external vendors, managing each project through to completion
- Provide security consultation for evaluating and approving security aspects relevant to new solutions, new projects, and changes in the existing network and architecture of different domains of the Group Technology division.
- Conduct security awareness training to improve the security knowledge of staff. Act as a point of contact for all security-related concerns pertaining to the Group Technology division