Responsible for initiating, managing and monitoring all Security Engineering and Asset Security domains, including security engineering, security architecture, host and network security, secure software development, identity and access management, secure solution implementation, data and information asset security. Lead cybersecurity projects to achieve GC’s cyber resiliency.
Requirements
- Define, implement, assess, and maintain controls necessary to protect the network/internet perimeter in accordance with security requirements
- Manage team resources, including facilitating activities allocation, tracking and adjusting utilization, and ensuring project team members understand and accept their project roles and responsibilities
- Lead and manage project backlog under responsibilities
- Manage the reporting and documentation on quality, standards, and cost of projects under responsibility
- Coach junior engineers regarding project management and technical issues
- Address security throughout the development and acquisition lifecycle
- Develop and maintain a security architecture
- Define, implement, manage and maintain identities and access controls based on identities
- Ensure that system access is maintained in accordance with company policies
- Administer and supports all access management control activities across all infrastructure systems
- Lead and drive cybersecurity technology projects to achieve results in terms of quality, time and cost
- Ensure planning to go-live and deployment activities and facilitate their execution as well as post launch success and continuously identifying key improvement areas
- Provide technical advice on technological innovations and alignment with the cybersecurity strategic objectives of GC and future architectural standards to enhance cybersecurity quality
- Define, implement, assess, and maintain controls necessary to protect software and applications in accordance with security requirements
- Identify potential flaws in application and design countermeasures or mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements
- Define, implement, assess, and maintain controls necessary to protect information and vital assets (including media) in accordance with security requirements (includes privacy requirements, PII, DLP, encryption)
- Ensure data lifecycle is secured
