IT Security Officer
1. General Requirement
a. Provide the central focal point for receiving and handling security advisories (e.g. alerts and vulnerabilities) and malicious activities (e.g. viruses, DDoS attacks etc.) which may potentially compromise ESG’s security posture.
b. Provide technical advice and recommendations and work with ESG to implement security audit controls for the various infrastructure services that are hosted in ESG.
c. Keep up-to-date with security threats on all services and respond with the analysis of the threat within the agreed turnaround time.
d. Monitor and track security advisory assessments and recommendations.
e. Develop and maintain security hardening standards and policies.
f. Provide 24 x 7 standby support and go onsite as and when required.
g. Monthly security reports include a summary of all the activities that take place in the following areas:
i. Security policies, standards and procedures
ii. Security awareness;
iii. Security incident reporting and management;
iv. Security reviews and audits; and
v. Any other security activities such as Disaster Recovery and Business Continuity Plan Testing, implementation of security technologies and solutions.
vi. Compliance reporting for accounts review, log review, patch review, hardening review etc.
vii. Single Point of Contact (SPOC) for all security audits, including Government Audits e.g. AGO, AIISA, application, infra audits and NCS audits, e.g. IQA, ISO 20k, ISO 27k etc.
viii. End-to-end fronting, tracking and monitoring of the security audit till closure.
2. SECURITY MONITORING AND REVIEW
a. Monitor ESG’s environment so that security intrusions or incidents can be detected immediately for timely incident response measures to be put in place for threat mitigation. This service includes:
i. Receiving, investigating and providing a timely and adequate response to alerts generated by the SOE-Universal Monitoring and Management System (SUMMS), Cyber Watch Center (CWC) Network Intrusion Detection Systems (NIDS) etc;
ii. Detecting intrusions, abuses and anomalies based on correlation of the log events collected;
iii. Providing consolidation of multiple related intrusions, abuses and anomalies occurrences from multiple devices into a single alert;
iv. Prioritising incidents and alerting ESG according to incident response framework;
v. Providing daily monitoring of security alerts and advisories, performing impact analysis and recommending remedial actions to ESG; and
vi. Upon notification of any potential security breach, making the necessary assessment and working with ESG and any other Third Party Vendors appointed by ESG to rectify the situation.
vii. Provide regular yearly security assessments on ESG’s IT Infrastructure and make necessary recommendation(s) for any weaknesses found.
3. Security Consultancy
a. Perform the following scope of work:
i. Weekly review and signing of audit review log
ii. Perform vulnerability scanning for managed systems
iii. Perform penetration scanning for systems
iv. Annual account review exercise
v. Annual firewall review
vi. IT security incident management
vii. Provide consultation services and advice via email
viii. System compliance verification before “go-live” (Server, IIS & DB hardening verification)
ix. Security Ops on log analysis
4. SECURITY SCANNING
a. Provide Vulnerability Scanning of all ESG internet-accessible application systems and critical ICT systems. The application software, operating system and network infrastructure shall be scanned according to the frequency shown below:
i. Annually on Application Software
ii. Quarterly on Operating System
iii. Quarterly on Network
b. Provide Annual Penetration Testing on ESG internet-accessible application systems
5. SECURITY INCIDENT MANAGEMENT
a. Track security incidents (such as violations, breaches, security weaknesses or system malfunctions) that have IT security impacts on ESG.
b. Assist ESG in carrying out any investigation and provide rectification when an IT security incident occurs. The responsibilities are:
i. Investigating and managing all parties involved in the recovery from security incidents;
ii. Perform assessment of the reported incident to determine the extent and business impact level;
iii. Escalate IT security incidents to the relevant parties in ESG;
iv. Primary point of contact for investigating, resolving and recovering from IT security incidents, and identifying the root cause of the incident;
v. Prepare incident report for submission to ESG for review and approval;
vi. Track and report the preventive measures required to address an incident and follow-up with the respective parties; and
vii. Recommend and implement, where applicable, the necessary measures to prevent future occurrence.
viii. Adhere to and comply with the customer/NCS security incident handling and response plan.
ix. Resolve security incidents accordingly within SLA.
6. Monthly Patching
a. Patching of Security Systems and Products
b. Testing of Security systems upon completion of patching
7. Technical Support
a. Provide Security Service Operation Support and administration of security products such as RSA, Splunk, etc.
a. Information Technology Infrastructure Library (ITIL), for their security management, governance framework and operation processes.
b. Internationally-recognised security certifications such as Certified IS Security Professional (CISSP), SANS GIAC certifications, etc.
Jobster Pte Ltd (EA License No: 06C5060)