Application Security Manager

The role is:

This role is to ensure compliance with Regional policies, process and IT security standards. In addition, it is required to Involve in implementing, consulting and assessing information risk for PVA and regional projects.

Job Responsibilities:

• Provide advisory, risk assessment and security assessment for IT projects follows Prudential Secure SDLC and DevSecOps requirements.
• Consult with business users, application developers, systems administrators and management to demonstrate security testing results, explain the threat/risk presented by the results, and consult on remediation.
• Liaise with vendor in the annual an ad-hoc penetration testing schedule to ensure proper budgeting by business lines.
• Take part in and ensure the completeness of the annual Application Security training program.
• Review and monitor vendor’s security service and deliverable.
• Regularly perform compliance assessment on regional policies, standards and drive remediation of control gaps.
• Take part in the implementation of security programs within the local business.
• Foster and maintain relationships with key stakeholders and business partners
• Champion both local & regional IT security initiatives to completion.
• Liaise with internal and external auditors and regulators to ensure all audit and compliance findings are adequately remediated across the business unit.
• Incident management and response.
• Other duties as assigned.

Qualifications:

• Qualifications: University degree in Computer Science or technology related disciplines
• A minimum of 5 years relevant experience in IT Security or Information Security (Technical)
• At least 3 years’ experience in Application Security or penetration testing required.

Knowledge and skill:

• Broad knowledge of security domains, trends, and technologies (such as threat and vulnerability management, identity & access Management, web application security, data loss prevention, encryption).
• In-depth knowledge of application development processes and at least one programing or scripting language (e.g., Java, DotNet, Python, Bash, etc.).
• Hands on experience with testing frameworks such as the PTES and OWASP for Web and mobile application.
• Familiar with Cloud native application, API security, Container.
• Extensive experience with security testing tools (e.g., SAST, DAST, OSS vulnerability testing, Container Security, RASP) embedded within DevSecOps and support CI/CD pipeline
• Applicable knowledge of Windows client/server, Unix/Linux systems.
• Experience with Cloud technologies in AWS, Azure, or Google Cloud.
• Professional qualifications such as CEH, OSCP, GWAPT preferred.
• Knowledge of risk management principles.
• Ability to manage relationships at various levels within the organization
• Ability to influence and resolve conflict through timely and transparent communications.
• Ability to work under pressure