IT Security

Job Description

A. Information Security Operations

1. Vulnerability Management

- Conduct regular vulnerability assessments of all application servers.

- Ensure timely patching and remediation of identified vulnerabilities.

2. Endpoint Security

- Maintain compliance of all endpoints with Falcon CrowdStrike antivirus and EDR.

- Ensure consistent endpoint protection coverage across the organization.

3. Security Incident Response

- Monitor and respond to alerts from SIEM tools in coordination with Corporate IT.

- Investigate and resolve security incidents such as malware, phishing, and breaches.

4. Network Security

- Monitor and secure network traffic using firewalls, IDS/IPS.

- Configure and maintain secure LAN/WAN, Wi-Fi, and VPN access.

- Manage Wi-Fi security at plant and corporate office.

5. Tool Deployment & Management

- Manage deployment and operations of security tools (EDR, DLP, encryption, etc.).

- Liaise with third-party vendors for security tools and updates.

----------------------------------------

B. Governance, Risk, and Compliance (GRC)

1. Policy & Procedure Management

- Deploy, maintain, and periodically review IT policies and procedures.

- Modify policies based on business requirements or corporate IT recommendations.

2. Audit & Documentation

- Prepare documentation for internal and external IT audits.

- Support audit processes and provide necessary evidence and responses.

3. Compliance

- Ensure compliance with applicable standards (ISO 27001, GDPR, SOC 2, etc.).

- Conduct internal compliance checks and assist external auditors.

4. Risk Management

- Perform periodic IT risk assessments.

- Identify security risks and recommend mitigation strategies to IT leadership.

----------------------------------------

C. Identity & Access Management

1. User Lifecycle Management

- Handle user provisioning and de-provisioning in systems and applications.

- Implement and monitor role-based access control and MFA.

2. Access Audits

- Periodically review user access rights.

- Address access anomalies and unauthorized permissions.

----------------------------------------

D. Security Awareness and Training

1. Training & Awareness

- Conduct cybersecurity awareness sessions for all employees.

- Develop and distribute best practice guides and security communications.

---