ASG Security

  • As per market
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Tata Consultancy Services Asia Pacific Pte. Ltd
  • 16 Jan 17

5. Cyber Security Projects To perform study, technical due diligence, proof-of-concept with OEM. To prepare technical details/ specifications, technical comparisons and recommendations based on the study To prepare implementation and deployment strategy To propose change management strategy To prepare comprehensive report of the study and prepare presentation slide to stakeholders Projects (Dec 2016 – Dec 2017): i. Network Access Control (NAC) ii. Security for Virtualization iii. Super User Privilege Management/ Privilege Access Management iv. Data Erasure v. Data Leakage Protection (DLP) vi. Database Activity Monitoring (DAM) vii. Database Encryption viii. Public Key Infrastructure (PKI)

~~Job Description
A professional at this position level must have the following responsibilities:

1. Provide advisory on cyber security technologies, trends, processes
2. Propose suitable solutions, standards, policies, processes for cyber security in utility industry and aligned with TNB’s business objectives
3. Keep updated with the latest cyber security trends and technologies in general and in utility industry.

Areas of expertise:
1. Cyber Security Program Planning
To provide oversight and daily maintenance of cyber security projects:
a. Manage cyber security initiatives’ scope,
b. Assist with estimation of the needed resources,
c. Create project schedules, RACI matrix and milestones,
d. Support creation of project specifications and documentation,
e. Manage initiative consulting resources,
f. Budget analysis and control,
g. Support procurements,
h. Managing initiative risk

2. IT Governance, Risk and Compliance (ITGRC)

To implement an IT-GRC platform to provide automation support for cyber security program metrics collection, reporting and analysis:
i. Define GRC metrics, reporting framework and processes that will be in scope of the GRC solution
ii. Plan; select and acquire IT-GRC platform and implementation services in support of the deployment planning, design and implementation
iii. Complete planning and design, including: interfaces for data collection to cyber security systems such as the vulnerability monitoring/workflow platform and SIEM
iv. Develop the proper dashboards and outputs to governance and management forums, workgroups and committees.

3. Security Baseline and Compliance

To establish Minimum Security Baseline (MSB) requirements for ICT and OT components;
To establish standards, process and procedures to for governance over MSB compliance; and
To implement monitoring and MSB compliance reporting automation in MSB compliance management/workflow platform
 
Detail activities:
i. Definition of MSB requirements by evaluating and refining existing configurations and MSB requirements for ICT & OT applications, end points (e.g., server, workstation, mobile device), networking components
ii. Process and procedure definition to enforce accountability for compliance against MSB requirements
iii. Automation of regular MSB compliance monitoring, reporting to support governance process
iv. Document MSB compliance reporting requirements
v. Definition of MSB compliance reporting & governance process
vi. Assessment report on ability and ease of integration of existing security configuration management tools

4. Vulnerability and Patch Management Program Design

To review and update for the design of processes to manage vulnerability remediation and security patch deployment for ICT and OT environments. The project also encompasses: (1) establishing standards, process and procedures to for governance over patching and vulnerability remediation compliance; and (2) automating remediation compliance reporting.