IT Manager - Operation Security (Luxury Retail, Regional)

• The Security Manager will manage daily security operation and project activities complying industrial security standards including server, network, mobile technology, and develop baseline security standard with audit logging and monitoring measures.
• The role should demonstrate the professional security operation capability and act as subject matter expert, who maintain level-3 operation knowledge including documentation, consistency and standards in Chanel.
• This role should assist country Service Delivery Managers, regional operation and infrastructure teams, and CISO on daily operation support and lifecycle project management, who also should assume end-to-end responsibility over security solution including requirements gathering, solution strategy and roadmap, solution selection, vendor selection, implementation, maintenance and support.
• This role act as a partner / advisory to internal IT and business functions with relevant solutions fulfilling business, budgetary and technical requirements to meet current and future needs. Effective and efficient communication skill is essential to deliver these challenging initiatives and to manage activities across IT teams within the APAC region.
• Network components security configuration - Proactive review and conduct necessary configuration change and patching on network components (e.g. Router, Switch, WIFI, etc) to address the vulnerability
• Server components security configuration - Proactive review and conduct necessary configuration change and patching on server components (Windows server, workstation, UNIX, SAN, content filtering system, etc) to address the vulnerability
• Anti-Virus and end point protection configuration - Manage Anti-virus and end point protection configuration
• Vulnerability Scanning and Penetration Test - Conduct vulnerability scanning and internal penetration test on systems /applications per request
• Incident Response to cyber security incident - Proactive detect and follow up the incident response to cyber security incident
• Operation Security Status Reporting - Provide regular operation security status report at regional and country level
• Provide regular operation security status report by domains (Network, Server, Anti-Virus, content filtering, etc)
• Project Delivery - Assist the delivery of cyber security projects including Network / System / Application layers
• Audit - Response to auditor’s request of security information in internal and external audit
• Security Governance Management - Establish and maintain governance and communications within IT to reflect security agendas
• Work closely with the market and regional IT teams to make sure individual security request and concerns are fully addressed
• Responsible for security incident reviews, where the security manager provides consultancy and decisions on behalf of the regional IT
• Provide financial management support relative to SLA and OLA commitments, including budget planning and optimization, adapted to financial needs
• Vendor Management - Conduct periodic performance and KPI reviews with the security providers based on agreed contractual terms
• People Management - Able to communicate effectively with internal business and IT teams, and effectively make sound management decisions
• Coach and lead the service team to constantly challenge self and display professionalism

• Undergraduate Degrees in Engineering, Computer Science, Information Technology or related technical field
• Certifications in CISSP or CISA, CCNP Security, CEH – Certified Ethical Hacker / Preferred: ITIL V3 Foundation
• At least 15+ years hands on experience of 7x24 production support on network, infrastructure and application environment with a minimum of 5+ years in security arena and 3+ years in managing the security functions
• Experience with Infrastructure and Application security projects delivery
• Working experience in MNC or retail industry is preferred
• Technical knowledge of current security technologies and security standards of networking, telephony, virtualization, DBMS, Active Directory, Internet, collaboration tools and operating systems.
• Solid experience with networks security, systems security, data security and application security management
• Solid security knowledge of network protocols such as TCP/IP, HTTP, NTP, SNMP
• In-depth understand on cryptography and solid experience on encryption tool
• Solid experience on administrating of security appliance including ASA Firewall, Forcepoint, Cloudi-fi (Zscaler), etc
• Solid security knowledge to core client technologies, including Microsoft Windows
• Security knowledge working with cloud computing; preferably AWS, Azure
• Solid understanding of security infrastructure technology and an interest in following the trend of security technology evolutions
• Holistic view of system security operations and interfacing with other infrastructure and application teams
• Organized, self-motivated, enthusiastic and proven rapid learning capability
• Good spoken and written English skills, with business level Mandarin as a plus
• Professional presentation capabilities both on paper and verbally
• Proven multi-tasking skills and desire to resolve problems with a positive ‘can-do’ attitude

Classy Wheeler