Overview
Senior Manager, Group Application Security Jobs in WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia at iForte Group
Title: Senior Manager, Group Application Security
Company: iForte Group
Location: WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia
Attached are the job description for the role: Senior Manager, Group Application Security.
PURPOSE
Act as the technical subject matter expert in leading, developing, driving and implementing the DevSecOps capability as well as the internal secure code trainings for the FWD Group including all Business Units.
To contribute strategically to the continuous enhancement of the Application Security process by automating iterative enhancements to the overall approach, workflow, scope and implementation in alignment with the needs of Group Information Security’s customers and according to the changing technical, regulatory and business environment.
KEY ACCOUNTABILITIES
Design and drive the definition, implementation and continuous enhancement of DevSecOps capability, solutions and operational framework by partnering with all Business Units’ stakeholders in a multi-disciplined team structure and to ensure complete coverage across a variety of projects.
Identify, introduce and implement with the Business Units the latest application security testing tools such as DAST, SCA/OSS, Container Security in their entire development cycles.
Drive awareness and support to Group IT Security, Group IT and Business Units IT, to bring cultural change in the adoption of DevSecOps practices and solutions, as well as their implications across the organization.
Act as a Subject Matter Expert for all application security aspects of all projects and, in doing so, facilitate the efficient and secure delivery of those projects.
Identify technical risks as result of the security reviews, ensure these risks are reported to the appropriate risk team(s) to track remediation within the agreed timeframes.
Initiate and evaluate projects, to build and enhance new capabilities in FWD, that related to Identify, Protect, Detect, Respond and Recover to technical risks.
Align security reviews to FWD Group Information Security and overall IT Strategy needs.
Manage allocated resources to deliver the security reviews (either internal FWD staff or vendors).
Provide expertise to Business Units when needed, in building local IT Security Application related solution.
Support the Head of IT Security Engineering in defining and maintaining the IT Security Engineering framework as well as providing regular management reporting.
KEY PERFORMANCE INDICATORS
Successful delivery of all the implementation of Security tools as part of DevSecOps program across markets.
Deliver a consultative service to all stakeholders involved with the information security and, in doing so, provide a measurable benefit to the Group’s IT projects in terms of their successful, timely and secure delivery.
The timely identification of key risks leading to their successful remediation without undue delay to the delivery of business objectives.
Successful delivery and implementation of Bug Bounty program for all critical applications within FWD Group including all Business Units.
EXTERNAL & INTERNAL CONTACTS
Group Head of Application Security
Group CISO
Business Units IT Security Teams
Group and Business Units Chief of Technology and Operations
Group and Business Units IT & Operations
Group and Business Units Internal Audit
External Auditors
Vendors and/or Service Providers
QUALIFICATIONS / EXPERIENCE
University degree from _ Information Technology or equivalent discipline
Minimum 8 years working experience in IT Securit…