• Provide advisory, risk assessment and security assessment for IT projects following Prudential Secure SDLC and DevSecOps requirements.
• Consult with business users, application developers, systems administrators and management to demonstrate security testing results, explain the threat/risk presented by the results, and consult on remediation.
• Liaise with vendors on the annual and ad-hoc penetration testing schedule to ensure proper budgeting by business lines.
• Take part in and ensure the completeness of the annual Application Security training program.
• Review and monitor vendors’ security services and deliverables.
• Regularly perform compliance assessment on regional policies, standards and drive remediation of control gaps.
• Take part in the implementation of security programs within the local business.
• Foster and maintain relationships with key stakeholders and business partners.
• Champion both local & regional IT security initiatives to completion.
• Liaise with internal and external auditors and regulators to ensure all audit and compliance findings are adequately remediated across the business unit.
• Incident management and response.
• Other duties as assigned.
• University degree in Computer Science or a technology-related discipline.
• A minimum of 5 years of relevant experience in IT Security or Information Security (technical).
• At least 3 years’ experience in Application Security or penetration testing required.
Knowledge and skills
• Broad knowledge of security domains, trends, and technologies (such as threat and vulnerability management, identity & access management, web application security, data loss prevention, encryption).
• In-depth knowledge of application development processes and at least one programming or scripting language (e.g., Java, DotNet, Python, Bash, etc.).
• Hands-on experience with testing frameworks such as PTES and OWASP for web and mobile applications.
• Familiarity with cloud-native applications, API security and containers.
• Extensive experience with security testing tools (e.g., SAST, DAST, OSS vulnerability testing, container security, RASP) embedded within DevSecOps and supporting CI/CD pipelines.
• Working knowledge of Windows client/server and Unix/Linux systems.
• Experience with Cloud technologies in AWS, Azure, or Google Cloud.
• Professional qualifications such as CEH, OSCP, GWAPT preferred.
• Knowledge of risk management principles.
• Ability to manage relationships at various levels within the organization.
• Ability to influence and resolve conflict through timely and transparent communications.
• Ability to work under pressure.