Regional IT Manager (Operation Security) (Luxury Retail)

Regional IT Manager (Operation Security) (Luxury Retail)

Client Description

Global luxury retail corporation

Job Description

• Manage daily security operation and project activities complying industrial security standards including server, network, mobile technology, and develop baseline security standard with audit logging and monitoring measures.
• Demonstrate the professional security operation capability and act as subject matter expert, who maintain level-3 operation knowledge including documentation, consistency and standards in the company.
• Assist country Service Delivery Managers, regional operation and infrastructure teams, and CISO on daily operation support and lifecycle project management, who also should assume end-to end responsibility over security solution including requirements gathering, solution strategy and roadmap, solution selection, vendor selection, implementation, maintenance and support.
• Act as a partner / advisory to internal IT and business functions with relevant solutions fulfilling business, budgetary and technical requirements to meet current and future needs. Effective and efficient communication skill is essential to deliver these challenging initiatives and to manage activities across IT teams within the APAC region.
• Operation Security - Network components security configuration - Proactive review and conduct necessary configuration change and patching on network components (e.g. Router, Switch, WIFI, etc) to address the vulnerability / Proactive review and initiate Firewall rule refinement / Manage 3rd party Security Operation Center (SOC) as technical authority
• Server components security configuration - Proactive review and conduct necessary configuration change and patching on server components (Windows server, workstation, UNIX, SAN, content filtering system, etc) to address the vulnerability
• Anti-Virus and end point protection configuration - Manage Anti-virus and end point protection configuration / Manage end point encryption software
• Vulnerability Scanning and Penetration Test - Conduct vulnerability scanning and internal penetration test on systems /applications per request / Present and well communicate the findings of penetration test with proactive recommendation to stakeholders
• Incident Response to cyber security incident - Proactive detect and follow up the incident response to cyber security incident / Identify solutions and communicate with internal and external stakeholder to minimize the impact to organization
• Operation Security Status Reporting - Provide regular operation security status report at regional and country level / Provide regular operation security status report by domains (Network, Server, Anti-Virus, content filtering, etc)
• Project Delivery - Assist the delivery of cyber security projects including Network / System / Application layers. Advisory to project teams on emerging security requirements base on network / system / application nature and potential security risk. Security strategy and roadmap engagement with regional and global stakeholders to streamline the planning
• Audit - Response to auditor’s request of security information in internal and external audit. Follow up the auditor’s comment on a timely manner
• Security Governance Management - Establish and maintain governance and communications within IT to reflect security agendas. Work closely with the market and regional IT teams to make sure individual security request and concerns are fully addressed. Responsible for security incident reviews, where the security manager provides consultancy and decisions on behalf of the regional IT Provide financial management support relative to SLA and OLA commitments, including budget planning and optimization, adapted to financial needs. Track change control status
• Vendor Management - Conduct periodic performance and KPI reviews with the security providers based on agreed contractual terms. Keep a solid working relationship with vendors and manage escalations as required. Manage billing, payments and contract negotiation as required. Able to communicate effectively with internal business and IT teams, and effectively make sound management decisions. Coach and lead the service team to constantly challenge self and display professionalism

Job Requirements

• Undergraduate Degrees in Engineering, Computer Science, Information Technology or related technical field
• Certifications in CISSP or CISA,CCNP Security, CEH – Certified Ethical Hacker, ITIL V3 Foundation
• At least 15+ years hands on experience of 7x24 production support on network, infrastructure and application environment with a minimum of 5+ years in security arena and 3+ years in managing the security functions
• Experience with Infrastructure and Application security projects delivery
• Working experience in MNC or retail industry is preferred
• Technical knowledge of current security technologies and security standards of networking, telephony, virtualization, DBMS, Active Directory, Internet, collaboration tools and operating systems.
• Solid experience with networks security, systems security, data security and application security management
• Solid security knowledge of network protocols such as TCP/IP, NTP, SNMP
• In-depth understand on cryptography and solid experience on encryption tool
• Solid experience on administrating of security appliance including ASA Firewall, Forcepoint, Cloudi-fi (Zscaler), etc
• Solid security knowledge to core client technologies, including Microsoft Windows
• Security knowledge working with cloud computing; preferably AWS, Azure
• Solid understanding of security infrastructure technology and an interest in following the trend of security technology evolutions
• Holistic view of system security operations and interfacing with other infrastructure and application teams
• Organized, self-motivated, enthusiastic and proven rapid learning capability
• Good spoken and written English skills, with business level Mandarin as a plus
• Professional presentation capabilities both on paper and verbally
• Proven multi-tasking skills and desire to resolve problems with a positive ‘can-do’ attitude
• Innovative problem solving, design and testing skills with a passion to deliver
• Confidence and flexibility to often work under significant pressure to deliver effective and high quality solutions and designs