INFORMATION SECURITY ANALYST
HORIZON SOFTWARE PTE. LTD.
3 days ago
Posted date3 days ago
N/A
Minimum levelN/A
Key Responsibilities
Develop, implement, and manage the organization's information security strategy, policies, and procedures.
Lead the design and enforcement of security controls to protect systems, networks, and data from cyber threats.
Manage a team of security professionals, providing technical guidance, mentoring, and performance management.
Oversee risk assessments, vulnerability management, penetration testing, and incident response.
Ensure compliance with regulatory requirements, industry standards, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA).
Collaborate with IT, DevOps, and business teams to embed security into application development and infrastructure design.
Manage security operations center (SOC) activities, including monitoring, threat detection, and escalation.
Define, track, and report security KPIs and risk metrics to senior leadership.
Evaluate, select, and implement security tools and technologies to strengthen organizational defenses.
Lead security awareness and training programs to promote a strong security culture.
Required Technical Skills (Tough Skills)
Cybersecurity & Risk Management: Strong knowledge of threat modeling, risk assessment methodologies, incident response frameworks, and business continuity planning.
Security Technologies: Hands-on expertise with firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB.
Cloud Security: Proficiency in securing workloads on AWS, Azure, and GCP, including IAM, KMS, Cloud Security Posture Management (CSPM).
Application & Network Security: Experience in secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys).
Cryptography & Data Protection: Understanding of PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking.
Governance, Risk & Compliance (GRC): Familiarity with ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS frameworks.
Incident Response & Forensics: Ability to manage SIEM alerts, digital forensics, malware analysis, and lead response teams during breaches.
Scripting & Automation: Knowledge of Python, PowerShell, or Bash for automating security operations and log analysis.
Good to Have
Security certifications such as CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor.
Experience in Zero Trust Architecture and container security (Docker, Kubernetes).
Knowledge of threat intelligence platforms and SOC automation (SOAR)
Develop, implement, and manage the organization's information security strategy, policies, and procedures.
Lead the design and enforcement of security controls to protect systems, networks, and data from cyber threats.
Manage a team of security professionals, providing technical guidance, mentoring, and performance management.
Oversee risk assessments, vulnerability management, penetration testing, and incident response.
Ensure compliance with regulatory requirements, industry standards, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA).
Collaborate with IT, DevOps, and business teams to embed security into application development and infrastructure design.
Manage security operations center (SOC) activities, including monitoring, threat detection, and escalation.
Define, track, and report security KPIs and risk metrics to senior leadership.
Evaluate, select, and implement security tools and technologies to strengthen organizational defenses.
Lead security awareness and training programs to promote a strong security culture.
Required Technical Skills (Tough Skills)
Cybersecurity & Risk Management: Strong knowledge of threat modeling, risk assessment methodologies, incident response frameworks, and business continuity planning.
Security Technologies: Hands-on expertise with firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB.
Cloud Security: Proficiency in securing workloads on AWS, Azure, and GCP, including IAM, KMS, Cloud Security Posture Management (CSPM).
Application & Network Security: Experience in secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys).
Cryptography & Data Protection: Understanding of PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking.
Governance, Risk & Compliance (GRC): Familiarity with ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS frameworks.
Incident Response & Forensics: Ability to manage SIEM alerts, digital forensics, malware analysis, and lead response teams during breaches.
Scripting & Automation: Knowledge of Python, PowerShell, or Bash for automating security operations and log analysis.
Good to Have
Security certifications such as CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor.
Experience in Zero Trust Architecture and container security (Docker, Kubernetes).
Knowledge of threat intelligence platforms and SOC automation (SOAR)
JOB SUMMARY
INFORMATION SECURITY ANALYST
HORIZON SOFTWARE PTE. LTD.
Singapore
3 days ago
N/A
Contract / Freelance / Self-employed
INFORMATION SECURITY ANALYST