FWD

Manager, Cyber Fusion Centre

Malaysia - KL Eco City | Full time

About FWD Group

FWD Group (1828.HK) is a pan-Asian life and health insurance business that serves approximately 34 million customers across 10 markets, including BRI Life in Indonesia. FWD’s customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the main board of the Hong Kong Stock Exchange under the stock code 1828.

For more information, please visit www.fwd.com

FWD Technology and Innovation Malaysia Sdn. Bhd., known as FWD TIM, was established in late 2019. Strategically located in Kuala Lumpur, FWD TIM serves as a pivotal shared service location within FWD Group, providing services to multiple markets across the Group. FWD TIM houses a diverse and talented workforce focused on essential business and technology services such as information security, cloud operations, IT solutions delivery, digital and data, actuarial, finance, investments, and customer service, among many others. FWD TIM is dedicated to driving and delivering operational excellence and efficiency, fostering innovation and ensuring regulatory compliance across all business functions, as well as maintaining a competitive edge in the market.

PURPOSE

  • Lead the coordination, investigation, management, and resolution of a broad range of cyber-security incidents for FWD Group including all markets.

  • Act as Level 3 Incident Response Manager (Individual Contributor) and handle highly critical and complex Cyber Incident Response cases across FWD Group in a timely and accurate manner, within the SLA, based on risk prioritisation and within established processes and SOPs.

  • Proactively identify, propose and drive transformation and enhancement projects, working with relevant internal teams and external solution providers, to continuously improve the Group Cyber Security Incident Response Management, Detection and Monitoring processes and SOPs performed by internal teams and vendors, leveraging available automation and technologies.

  • Build knowledge and coach Business Units IT Security leads, to understand their role in Cyber Incident Management.

KEY ACCOUNTABILITIES

  • Oversee and guide service providers to ensure L1 incident response resolutions meet the expected SLA, and to enhance their monitoring, triage and investigation process capabilities prior to escalation.

  • Investigate incident response cases to identify the root cause, and coordinate with multiple internal teams and external solution providers to remediate and resolve issues in a timely and effective manner.

  • Leverage the detection and response solutions in place to further assess and proactively address any escalated potential incidents.

  • Identify and drive continuous improvement of FWD Cyber Incident detection, contextualization and response processes and tools, leveraging automation and orchestration where possible.

  • Manage and coordinate escalations of potential incidents for investigation, along with any required internal or external stakeholders.

  • Lead and manage the communication and coordination of Cyber Security Incident response actions with Business Units, and ensure smooth and proper closure of Incident Response cases.

  • Analyse Threat Intelligence findings and work with relevant internal teams and Business Units to coordinate and/or execute actions that ensure FWD Group's prevention, detection and response capabilities are maximized against those new threats.

  • Perform in-depth analysis of malware or other potentially malicious processes or software identified in the organization.

  • Coordinate and manage Cyber Security testing activities, and provide advice on remediation.

  • Develop, document and maintain SOPs and a knowledge base for cyber security services relating to incident response, intelligence analysis, evidence acquisition, forensic recovery, and others.

  • Continuously improve knowledge of tools and best practices in Cyber Security threat monitoring and incident response, including contextualization and automation.

  • Evaluate new and emerging Cyber Security technologies and make recommendations for adoption within FWD Group.

KEY PERFORMANCE INDICATORS

  • Timely and accurate coordination and management of all incident response cases within SLA

  • Successful implementation of transformation and improvement initiatives that enhance Incident Response Management and Monitoring capabilities, with the support of Group IT Security Engineering teams

  • Evolution of Cyber Incident Monitoring, Contextualization and Response processes and SOPs, leveraging available automation and technologies

  • Doing things right and creating synergies for the overall FWD goals and objectives, with a people-first approach

EXTERNAL & INTERNAL CONTACTS

  • Group CISO

  • Group Head of IT Security Monitoring and Incident Response

  • Group IT and IT Security Teams

  • Business Units IT and IT Security Teams

  • IT Vendors and/or Service Providers

QUALIFICATIONS / EXPERIENCE

  • Minimum 7 years working experience in Cyber Security Incident Management

  • Degree in Information Technology or an equivalent discipline

  • Desirable certifications: EC-Council Computer Hacking Forensic Investigator (CHFI), GIAC Certified Incident Handler (GCIH), GIAC Reverse Engineering Malware (GREM), GIAC Certified Forensic Analyst (GCFA)

  • Regional experience in this role is preferred

KNOWLEDGE & TECHNICAL SKILLS

  • Excellent knowledge of Advanced Persistent Threats, attack tools, techniques, and methods used by adversaries

  • Excellent knowledge of penetration testing services and techniques.

  • Excellent written and verbal communication skills and the ability to work under pressure (IT Security Incidents)

  • Excellent management and coordination skills, with solid influencing skills to drive remediation, resolution and change in a regional and multicultural environment

  • Ability to define, prioritize and execute processes in a structured manner

  • Experience in an operational capacity as part of an IT Security incident response function

  • Experience with networking and TCP/IP traffic, along with firewall, SIEM, IPS, EPP, EDR, APT, DLP, proxy, antivirus, anti-spam and anti-spyware solutions

  • Experience conducting log and activity review, along with stream or packet capture analysis, in support of intrusion analysis

  • Desirable: Certification in CrowdStrike or Carbon Black EDR solutions

  • Desirable: Experience with Microsoft Sentinel or Splunk SIEM solutions

  • Desirable: Experience with a programming/scripting language