Infrastructure Security Specialist

Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 50,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.

Responsibilities

• Work closely with SOC, CERT and other security teams and Infrastructure skill teams in daily operation and review security requirements
• Exception management: Evaluate and manage infrastructure security exceptions
• Vulnerability management: Conduct scan, assessment and remediation follow-up
• Incident management: Report and follow security incidents and their remedial actions
• Request / Change management: Conduct security assessment for infrastructure request & changes
• Review security architecture proposed by other infrastructure teams
• Deliver innovation initiative to improve overall infrastructure security and efficiency
• Manage and execute the Infrastructure related security projects
• Be the security Interface with stakeholders at all levels, from technical engineers to senior management
• locally, regionally and globally
• Work closely with other risk and security departments, including all 3 lines of defence
• Cyber reporting: Production of various cyber security reporting (KPIs; KRIs). Coordinate among
• Infrastructure teams to contribute to external stakeholders reporting and requests
• Conduct security & risk awareness training to the Infrastructure teams

Requirements

Knowledge

• Knowledge and hands-on experiences in IT, Infrastructure and information security
• Knowledge and experience in IT infrastructure (speak the language, expertise not required)
• Knowledge in technology regulatory requirement like HKMA, SFC, MAS, GDPR, CBIRC, etc. is required
• Project management experience is desired
• Knowledge and experience in a banking environment will be beneficial but not essential
• Knowledge in the MITRE ATT&CK framework and hands-on experience on security incident investigation processes & techniques
• Security knowledge in the Public Cloud, development and specific Infrastructure domains are a plus
• Professional certification recognized by Regulatory bodies like HKMA, e.g. CISM, CISA or CISSP, is mandatory

Tools

• Hands on knowledge on Security Products/tools such as Identity Management Solution, SIEM, vulnerability management and other security products
• Scripting and automation skills is a plus

Soft Skills

• 3 - 5 years relevant experience
• Able to organize time, multitask, and define priorities (autonomy)
• Able to interact with all level of the organization from operators to executive management members
• Must be able to work collaboratively within a complex organization, across multiple cultures, geographies and disciplines
• Good communication and interpersonal skills
• English proficiency is essential, other spoken languages in the APAC region or French is an advantage