We are looking for a motivated cybersecurity professional to support the firm's information security and risk management initiatives. Reporting to Deputy Head, Group Technology, this role plays a key part in safeguarding Providend and the Group company's systems, data, and digital platforms in a highly regulated financial environment. You will design, implement, and maintain security controls across our infrastructure, applications, and cloud services; administer and optimize our Microsoft 365 Defender and CrowdStrike Falcon platforms; and lead incident response activities. Working closely with IT, applications, and business teams, you will help translate security policies into practical guardrails, support regulatory compliance (MAS, PDPA), and drive a strong culture of cyber awareness across the firm.

The main functions of this position include but are not limited to the following:

• Assist in the development and maintenance of security related documentation (i.e. cybersecurity policies, procedures, playbooks, SOPs) and security guardrails
• Support the deployment, maintenance, and review of security tools (e.g., firewalls, SIEM, antivirus, IDS/IPS)
• Work with network and infrastructure personnels to understand current setups and assist in implementing basic security configurations and controls
• Assess and enhance security controls across infrastructure and applications
• Participate in security risk assessments, vulnerability scans, and audits
• Collaborate with application and other IT teams to implement security controls and mitigate risks
• Administer, secure, and optimize Microsoft 365 (Defender suite, Defender for Endpoint, Defender for Office 365) and CrowdStrike Falcon EDR platforms
• Monitor, triage, and respond to security incidents via SIEM, EDR, and security dashboards
• Take charge of security incidents, execute incident response procedures, and produce incident reports
• Work with third parties on cybersecurity assessment activities e.g. VAPT and WAPT
• Implement and uphold access controls, MFA, password policies, encryption, and privileged account management in line with internal IT/security policies
• Enforce compliance with MAS, PDPA, and internal data classification protocols for all information assets (SharePoint, OneDrive, Exchange, etc.)
• Stay informed on cybersecurity trends, threats, and best practices - especially in financial domain
• Conduct regular audits of systems, access, logs, and backups in accordance with company policy
• Support deployment and continuous improvement of SaaS/cloud platforms with security best practices
• Deliver cybersecurity awareness training to staff and champion a culture of cyber vigilance.
• Any other ad-hoc duties assigned by supervisor

Job Requirements

To be successful in this position, you will be someone who:

• Diploma or Degree in Computer Science, Information Security, Information Systems, or related discipline
• 3-5 years of experience in cybersecurity operations, security engineering, or related IT security roles
• Experience in financial services or regulated industries is an advantage
• One or more relevant certifications (Preferred) such as:
• Microsoft 365 Certified: Security Administrator Associate / Cybersecurity Architect
• CrowdStrike CCFA/CCFR (or similar EDR certifications)
• CompTIA Security+, CySA+, CEH
• CISSP, CISM or equivalent (nice to have, not mandatory for mid-level)
• Good written and verbal communication skills
• Can-do attitude, good posture, problem solving mindset
• Initiative, drive and exceptional attention to details
• Tenacious and possesses a strong work ethic
• An independent worker, able to work without much guidance
• A strong team player
• Excellent organizational, problem-solving and multi-tasking skills

Desirable Technical Skills

• Foundational understanding of networking principles and protocols (TCP/IP, routing basics, firewalls, VPN, Encryption)
• Familiarity with security tools (e.g., SIEM, antivirus, firewall, vulnerability scanner)
• SIEM, EDR, firewall, IDS/IPS, and antivirus tools
• Microsoft 365 security and identity controls
• Incident response and vulnerability management
• Network and infrastructure security fundamentals
• Cloud/SaaS security best practices
• Entry-level cybersecurity certification (any of the following preferred): CompTIA Security+, Cisco Cyber Ops Associate
• Networking certification (optional but advantageous): Cisco CCNA, CCNP or equivalent
• Exposure to scripting or automation (Python, PowerShell) is a plus