To carry out technical vulnerability assessments of IT systems and processes, identifying potential vulnerabilities, to make recommendations to control any risks identified and to ensure they are implemented. To respond rapidly and effectively to IT security incidents, managing them in a professional manor including computer forensics for evidence gathering and preservation. Lead the design, implementation, operation and maintenance of the information Security Management System based on ISO27001/27002, PCI-DSS and FISMA standards. Manage IT compliance, security and internal control audits using the NIST 800-53 framework. Review and update IT policies, standards and procedures and provide guidance on their adequacy and compliance with existing guidelines and regulatory requirements. Identify areas of opportunity for increased process, control efficiencies and make change recommendation to management. Assist management in the identification and assessment of technology related risks and report on the adequacy of risk-based control. Coordinate with quality team to ensure appropriate tracking and remediation if any audit findings. Support the Corporate Office of Internal Audit and external auditors throughout their audit engagements. Ensure up-to-date system and software patches, virus definition, web filtering and application control signature at firewall level. Manage internal and remote access to company resources, securing data transfer and granting the right user access. Track and monitor all security threat, intrusions, vulnerability, worm attacks and file as incidents. Support the development of strong security and compliance culture. An understanding of operating system internals and network protocols. Any other duties as assigned by the superior/management to you from time to time.