IT Security & Compliance Assistant Manager

IT Security & Compliance Assistant Manager page is loaded## IT Security & Compliance Assistant Managerlocations:

Indonesia - Jakarta - Pacific Century Placetime type:

Full timeposted on:

Posted Todayjob requisition id:

JR-0025682**About FWD Group**FWD Group (1828.HK) is a pan-Asian life and health insurance business that serves approximately 34 million customers across 10 markets, including BRI Life in Indonesia. FWD’s customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the main board of the Hong Kong Stock Exchange under the stock code 1828.For more information, please visitPT FWD Insurance Indonesia (“FWD Insurance”), a joint-venture insurance company and a part of FWD Group, previously known as PT Commonwealth Life, has successfully merged with PT FWD Life Indonesia (“FWD Life”) as of 1 December 2020 and will be known as FWD Insurance.The merger of FWD Life and FWD Insurance has led to a more comprehensive range of products, including unit-linked insurance, individual & group term life insurance, individual & group personal accident insurance, and group medical insurance through technology driven-distributions such as agency, bancassurance, e-commerce, and corporate.FWD Insurance is registered and supervised under Otoritas Jasa Keuangan (“OJK”).FWD Insurance is a member of Indonesia Financial Services Alternative Dispute Resolution Center.IT Security & Compliance is responsible for project to ensure security practices and technology are deployed and aligned. The increasing threats on information security & governance, has put pressure on IT to ensure continuity while serving the complex business needs. Support assigned Local or group IT Security Project.**Key Responsibilities*** Review the security compliance during project initiation, implementation, coordination and reporting as assignedDefine an integrated Data Protection Framework consisting of policies, standards and guidelines aligned to industry & regulatory requirements* Review and validate Information Security Review in order to make sure new provisioned system align with company standard and regulation* Review and analyze Firewall Rule to ensure there’s no violation rule* Prepare, Plan and conduct ISO27001 Audit to make sure our company align with international standard industry and regulatory requirement* Plan and implement system with group to prevent, detect, react and remediate information security events* Review of logs, forms, reports, and other incident documentation* Review Information Security related project to identify business and technical security requirements, design security controls and test their effectiveness ensuring the product implemented address both business and security needs.* As part of the governance process, assist BISO to review and assess the Security Configuration Baseline for OS and Patch level of various IT systems and components to ensure compliance to FWD Policies and Standard.* Work closely with IT Infra & IT Developer team in local to manage and remediate pen-test application and infrastructure* Work closely with related parties to plan and implement Security Initiative Changes* Work closely with IT Infra and IT Developers to manage and provide web application certificate to ensure our website are trusted and secure* Plan and manage execution of IT key strategic initiatives and deliver supports for key business initiatives/projects* Work closely with IT Developer Team to make sure no critical vulnerability when developing apps# Key Qualifications* Minimum 5 years of experience in IT Security & Compliance.* Bachelor’s Degree in Information Technology or a related field.* Proficient in using Intune, Black Duck, and Coverity for source code security reviews.* Strong knowledge in incident detection, analysis, response, and remediation of security events.* Experience in engineering, configuration, and troubleshooting of security systems.* Familiarity with ISO 27001 and PCI-DSS is an advantage.* Good understanding of endpoint protection, including servers, laptops, PCs, and firewalls.* Strong knowledge of Next-Generation Firewalls (NGFW), Security Information and Event Management (SIEM), and Web Application Firewalls (WAF).* Knowledge of cloud computing is an advantage.* Fluent in verbal and written English. #J-18808-Ljbffr