Remediation PMO
Celcom Axiata
AI-generated summary
beta
Oops, looks like Ashley forgot to summarize this job! We apologize for the inconvenience. Please read the complete Job Description for full details and additional information.
Undisclosed
Kuala Lumpur
Full-Time
Job Description
- Discuss and track remediation activities with cross functional teams from application and infrastructure teams across Group Technology (Network, IT, etc.), Digital teams and partners.
- Follow up on security test plans and test cases; present the security pen test findings and interface with stakeholders across various parts of business (e.g. Customer services, Data Analytics, IT, Group Networks, Digital teams, Fraud and Revenue assurance, etc.) Validates security test scenarios across various SDLC phases (e.g., development, reproduction, production) for low- to moderately-complex projects.
- Track the remediation activities by the developers on recommended controls and countermeasures in implementing the required security measures (act as an SME). Provides simulation and retest proof of concept, validations and obtaining evidences for closure.
- Develop adequate retest scenarios.
- Ensure ongoing remediation reports are provided to stakeholders and escalations are performed on timely basis.
- Establish and report on metrics to gauge pen testing effectiveness, progress and key risk areas identified through audits, as well as monitor remediation activities. Propose automation to improve efficiency and effectiveness.
- Ability to provide complete and accurate Celcom Information Infrastructure security knowledge with emphasis on the data / information flows and data handling.
- Protect company assets by helping to develop security strategies; directing system control development and access management, monitoring, control, and evaluation. Perform other duties as assigned.
Job Requirements
Education Qualification:
Bachelor degree holder (IT or related technical preferred) with Information Security knowledge.
- Certified as GIAC Web Application Penetration Tester (GWAPT), GIAC Penetration Tester (GPEN), or Certified Ethical Hacker (CEH)
- CISA / CISM/ CISSP (would be an advantage)
- Experience with commercial application scanning tools such as Fortify or NTOSpider, as well as in-depth knowledge of proxying tools such as Paros, Burp, and WebScarab
- Web application penetration testing experience and familiarity with common penetration testing tools
- Good understanding of Information security related standards and best practices (these include ISO 27001, NIST, CIS, OWASP, etc.)
- Good understanding of Cyber laws and Law enforcement requirements
Years of Experience:
At least 4-7 years working experience in IT Security and or related fields.
- At least 3 years in Penetration Testing
Additional Info
Experience Level
0 - 7 Years of Experience
Job Specialisation
General Project Management, General IT, IT Project Management
Company Profile
Celcom Axiata
Creating awesome moments for YOU!
Some say we are in the business of telecommunications. We prefer to say we are in a ‘Business to deliver awesome customer experience by opening up your worlds’. Because at Celcom, we don’t just connect people to products and services, instead we help people connect with their world of possibilities.
Our purpose? We want to give you awesomeness at every point in your life, be it at home with your loved ones, to build collaboration at work or even reach out to the community as acorporate citizen.
Some say we are in the business of telecommunications. We prefer to say we are in a ‘Business to deliver awesome customer experience by opening up your worlds’. Because at Celcom, we don’t just connect people to products and services, instead we help people connect with their world of possibilities.
Our purpose? We want to give you awesomeness at every point in your life, be it at home with your loved ones, to build collaboration at work or even reach out to the community as acorporate citizen.