John Keells Holdings PLC
Job description
Cyber Security Engineer
Union Assurance is a leading corporate and one of the fastest growing entities in the Life Insurance industry backed by the strength and stability of John Keells Holdings PLC, one of Sri Lanka’s largest conglomerates. For the 9th consecutive year, the company has received the GPTW certification as a ‘Best Employer Brand,’ and in 2020 was awarded the ‘Global Employer Brand’ by the World HRD Congress.
The Job Role:
A unique opportunity exists for a professional with a passion for Cybersecurity. In this role, you will be eliminating vulnerabilities and risk in networks, software systems and data centers with ongoing vulnerability scans, monitoring network data, and ensuring hardware and software applications are updated
Principle Accountabilities:
• Execute comprehensive enterprise information security and IT risk management program to ensure effective controls based on ISO 27001 and CIS are present to protect company assets
• Manage the continuous maintenance of the IT network, servers, user identity and devices to ensuring optimum security levels are maintained.
• Implement and manage security infrastructure firewalls, Secure Access Service Edge for the company’s users.
• Vulnerability assessment and Penetration testing of applications and perimeter using tools such as OWASP ZAP, support DevSecOps process.
• Analyze IT security threats in real-time and mitigate the threats; secure configuration of all IT assets.
• Ensure that newly-acquired technology complies with the IT security regulations and conduct regular vulnerability assessments on all online resources and present periodic updates on IT network security to the board audit committee to ensure no internal breaches or misuse of data take place.
• Responsible for managing information system security incidents, including investigation, recovery and prevention works.
• Participate in architectural discussions to work through risk, security, and compliance concerns and give inputs for architecture decisions on all aspects of security solutions.
• Attend training session to broaden and master skillset into advanced and emerging areas of cybersecurity.
• Assist in preparing training material for employees on cybersecurity, its threats and countermeasures
• Provide updates as required to Compliance Steercos & complete assigned actions items so as to avoid nonconformities
Qualifications and Experience
• Bachelor’s degree with Information Technology specialization.
• 2- 3 years of experience in similar capacity
• Experience in conducting or participating in any application security penetration testing
• Professional qualifications from following professional bodies ISACA; (ISC)2; or Global Information Assurance Certification (GIAC).
• Understanding of controls and frameworks and sound knowledge in network security controls, operating systems and incident response management.
• Good planning & organizing skill, quality focus and Attention to detail is mandatory.
The selected candidate for the above position will be entitled to an attractive remuneration package. Applicants who are interested are encouraged to apply on or before 05th July 2024.