Cyber Security Solution and Advisory We are now ONE! #CelcomDigi Celcom and Digi have merged with the aim to create Malaysia's most inspiring telco-tech company, building on two well-loved brands with over six decades of combined strengths in innovation and connecting Malaysians. In this role at CelcomDigi , you will be key senior role within CelcomDigi EIS team and is responsible for developing the Enterprise-wide specific Security Solution and to provide SME knowledge in respect to the functionality of the solutions, design principle, dependencies, limitations, etc under Cybersecurity Planning Centre function. This role also plays a vital part in the solution and advisory of CelcomDigi fundamental infrastructure and processes to ensure security risks related to technology adoption are addressed and managed appropriately. This is a Security Advisory evaluate existing security systems to determine the potential risk of a breach. The consultant develops policies and procedures that minimize the risk to properties, employees, and computer systems. Consultants may also provide evaluations and assessments in collaboration with 3rd party solution/ product normalization for the security business. These consultants may work independently, providing security architecture solution evaluations on a security projects /strategy and govern the programs from security services domain perspective. Security consultants may evaluate and recommend the best security tool/technology/process align with security best practices and standards from Digi security strategy and guideline to protect the environment. Division / Department : Technology / Cybersecurity Planning Centre Location : HUB- Lot 10, Subang Hi Tech, Shah Alam Will report to : Cybersecurity Solution and Delivery Head of Unit You are : Adaptable and fast. able to quickly learn a new tool to get the job done based on the security project requirements. You are self-driven, motivated, resourceful, and able to solve complex security related technology and solutioning related technical problems. Experience in Telecommunications, Managed Security IT & TELCO infrastructure planning, development, operations, and technical/security project management across multiple MNC organizations. Able to understand work with cross function and group, third party service provider and internal engagement for consulting, projects, audit and assessments organization. You are obsessed with quality and adopt strong risk-based approach on design and implement the best practices NIST, Defendable Architecture security solutions for an organization's needs. Your Responsibilities : Provide advisory and solution technically according to multiple security framework. Actively involve security project and developers to ensure delivery quality. Identify the gaps and improve overall security risk and solution and planning. You will be part of group security team working alongside product manager, technical lead, and developers. Participate in security technical design and solution with Security Architecture & technical Lead. Participate in Security Strategy, solution & planning, and architecture & solution requirements. Develop Security by Design Solutions IT, Network, Cloud, EUC, DevSecOps and Solutions advisory. Perform Security Tools capacity planning and provide Security Risk Advisory. Involve in 3rd Party solution / product normalization and develop Security solutions documentations. Collaborate with project planning team to ensure that overall CelcomDigi Information Security governance is achieved in the areas across division of the CelcomDigi whole company. Assess, identify, and document the technical CelcomDigi Information Security controls for technologies deployed within the CelcomDigi Information Security portfolio. Provide complete and accurate CelcomDigi Information Infrastructure security knowledge with emphasis on the technical integration capabilities and placement of specific CelcomDigi Information Security products and / or technology with new and existing architecture, more specifically products and solutions within the core Telecom space. Provide some advice in relation to the convergence of networks and systems from a technical, product and process perspective. Identify and propose technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks. Lead and execute complex CelcomDigi Information security projects inclusive preparation of RFI/ RFQ and RFP, evaluations, vendor engagements and utilize project management skills to achieve the goals. Contributes to preparing budgets for the solutions and provide inputs for the yearly organization budgets business plan. Ability to provide complete and accurate CelcomDigi Information Infrastructure security knowledge with emphasis on the technical integration capabilities and placement of specific CelcomDigi Information Security products and / or technology with new and existing architecture, more specifically products and solutions within the Enterprise space. Experience and Requirements : At least 7-10 years working experience in IT Security and or related fields. At least 7 years of Information Security Solutioning. Significant technical and conceptual knowledge and experience of security across a wide range of infrastructures and systems ie: LAN, WAN and Internet networking technology, OS, database and application concept, security solutions such as IPS, firewall and WAF. Sound understanding of the latest threat landscape and the technologies that need to be in place to mitigate these threats. Develop Security baseline development & adoption. Security Liaison for Solution, Advisory, IM, Privacy Team, across BU & Manage Third Party Vendor, MSP Management. Your Merits : Bachelor's degree in, Computer Science OR equivalent through experience. At least 4 to 7 years' experience Security Solutioning and advisory security products and technology (Splunk, WAF, F5, Fireeye, CS, Arcsight, Palo Alto, PAM & IAM, DLP,) and subject matter expert in security designing. Experience Cloud Security Architect or/and DevSecOps will be added advantage. Experience in Telco Security will be added advantage. Experience in NAC, IDS/IPS, Firewall and Network Security, Data Protection, Secured Infrastructure METDR, End Point Security. Vast experience in handling Security product and technology planning & Solutioning consultation. CISSP, CCSP, CPSP, ITILV4, Vendor based certification, TOGAF, CRSTA is added advantage. Must show in-depth understanding of concepts such as ITIL, ISF, NIST, ISO 27001, ISO 31000, PCI DSS, APT, VAPT, cyber kill chain, etc. Excellent in written and oral English.
