Am - It Security

Prudential's purpose is to help people get the most out of life.
We will deliver our purpose by creating a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners.
We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions.
We pledge to make Prudential a place where you can Connect, Grow and Succeed.
- Ensure IT Security controls and processes are implemented in accordance with Group-wide Information Security Policies, Procedures, and Baseline Standards that cover 9 areas:

- Perimeter Defense
- Network Segmentation
- Identify & Access Management
- Application Security
- End Point Security
- Patch & Configuration Security
- Log & Event Management
- Penetration Testing & Vulnerability Management
- Encryption
- Align and support the tactical adoption of Regional IT Security initiatives
- Ensure IT Security assessments and the respective security testing are conducted for all major projects and initiatives in line with the GwISP Security Policies and Standards
- Ensure IT Security risks are identified, communicated and escalated as and when needed to the Technology Risk Management (TRM)
- Implement Network and Application Security Monitoring for key security events
- Handle the IT Security Incident Management, incident discovery and recovery, and incident reporting.
Acting as Primary Support during security incident, reporting repeated/related security incidents to Information Security Manager (ISM) and GwISP for follow-up
- Manage Privileged Account Management System (CyberArk).
Ensure privileged IDs are properly used, monitored and manage Direct and implement the necessary controls and procedures to protect information systems assets from unauthorized access
- Review Privileged ID for critical systems AS/400, Life/Asia, CM/WF, Windows Domain on quarterly basis
- Perform and ensure that IT Security vulnerabilities assessment and penetration test are done on schedule.
Support the remediation of IT Security vulnerabilities and penetration results
- Ensure that IT Security Patch Advisory published by GwISP reviewed and patches are tested and applied on schedule
- Involve in the IT DR plan to ensure the IT Security related matters are adequate
- Conduct Cyber Security Drill to designed and examine the proficiency of the people and processes related to the Prudential incident response capability