• Provide the excellent supports on overall aspects of Information Security, IT Governance, IT Risk and IT Assurance. • Operate a hands-on role involving penetration testing and vulnerability assessment activities of applications, operating systems, networks, and mobile applications on regularly basis to identify vulnerability across several systems. • Analyze security policies configuration and provide recommendation based on industry best practices. • Produce actionable, threat-based, reports on security testing results and present the finding to head of department and management ongoing basis. • Conduct physical assessments of servers, systems, and network device security. • Coordinate and lead on external and internal penetration testing projects and provide promptly update to management • Consult with application developers, systems administrators, and management to demonstrate security testing results, explain the threat presented by the results, and consult on remediation • Promote information governance and security at all levels of management and employees, maintaining and developing a positive culture of compliance against industry standards and regulations; • Identify and address a full range of issues from structure and policy, through to assisting in specific areas such as data privacy; data leakage prevention / monitoring; information rights management; third party security and cryptography; • Develop and maintain security assessment testing plans.

• Having 2 years of experiences on network, application or mobile pentest and security configuration review or working experiences in financial / telecom / auditing industry. • Bachelor's Degree in Information Technology, Computer Science, and Software Engineering or a related qualification, and/or demonstrated capability through past employment experience; • Holding security related certification (CySA+, CHFI, OSCP, OSCE) or from equivalent recognized certification body. • Proven ability to write easy to understand reports and deliver presentations on information risk management, systems process control and IT general control review reports; • Proven ability to work and communicate effectively and fluently with managers and staff, including the ability to explain complex technical issues in terms that non-technical managers and staff will understand.