(i) Minimally three (3) years of experience in IT security governance and operation; and
(ii) CISSP or Global Information Assurance Certification (GIAC) or equivalent.
The ITSO shall be responsible for the following in the ATFMSI:
(a) Prepare IT security policies and action plans for review at least once a year or as required by the Representative;
(b) Evaluate IT security products and solutions features. Review logs and accounts on a regular basis;
(c) Implement and manage the risk management methodology;
(d) Develop, implement and maintain security management frameworks and governance;
(e) Develop and submit security policies, security architecture, standards, procedures, processes and control measures in the environment;
(f) Implement IT Security Incident Management and handle IT security incidents;
(g) Work with other Government-appointed Suppliers to resolve IT security incidents;
(h) Participate and assist in Government/public sector and services-wide IT security incident response table-top exercises and technical assessment exercises;
(i) Perform disk image acquisition for forensic investigation purposes within three (3) days when required by the Representative and to protect the acquired disk image from tampering. The disk image acquisition tool, subject to approval by the Representative, shall be provided by the Contractor;
(j) Meet with the Representative monthly or as determined by the Representative to highlight security issues and propose improvements;
(k) Liaise and co-ordinate meetings on IT security matters with appointed Suppliers, security organisations and the customer; and
(l) Perform other activities necessary to secure the SI and Customer’s IT Infrastructure.
IT SECURITY INCIDENT MANAGEMENT
ITSO shall take all necessary actions to ensure that all IT security incidents are handled and managed in accordance with the SIH Framework and the approved Technical SOP. The Contractor shall also implement measures to prevent the occurrence of IT security incidents. The Contractor shall support the Representative, Customer, appointed Suppliers and Customer-appointed Suppliers in resolving IT security incidents when the need arises.
The ITSO should have experience in carrying out immediate investigation and implementing workaround solutions in the event of an IT security incident. Such resources shall minimally include alternate anti-Malware scanning capabilities, authorised network sniffers, network taps, network hubs and computing devices.
The ITSO should inform the IT Security Incident Response Team, and any other personnel or supplier appointed by the Representative, about the IT security incidents.
Responding, Initial Diagnosis and Escalation
(a) The ITSO shall inform the parties listed in the Technical SOP within the Expected Response Timeline of the Incident Management.
(b) The information to be provided shall include the incident reference number, description, date and time and the impact (including who had been affected) of the incident.
Investigation, Diagnosis and Resolution
(a) The ITSO shall resolve the IT security incident or implement a workaround within the Expected Resolution Timeline of the Incident Management process.
Resolution for Preventing Recurrence of Security Incidents
(b) For cases where workarounds are implemented, the ITSO shall identify the root causes and implement permanent resolutions according to the Problem Management process.
(c) The ITSO shall be responsible for closing all IT security incidents in accordance with the Incident Management process.
(d) For every IT security incident, the ITSO shall submit to the Representative an incident report in draft within one (1) day and a final version within three (3) days of incident resolution, unless otherwise agreed by the Representative.
(e) The incident record shall be closed only when the incident report is accepted by the Representative. The Representative reserves the right to verify the details in the incident report against the associated incident record maintained by the ITSO. The incident report shall be in the format defined by the Representative.
The ITSO needs to participate in the following audit activities performed by third-party auditors or internal auditors:
(a) IT Security Review;
(b) IT Vulnerability Assessment;
(c) IT Security Penetration Testing; and
(d) IT Security Compliance Review.
Record, track and follow up with the respective team on the closure of the findings from the audits.
(a) Perform Security Awareness for all the employees;
(b) Perform ad hoc Security Awareness for targeted users on specific topics.
(a) Maintain and track the EOL/EOS of the software/tools/products used in the Infrastructure;
(b) Track and act on security advisories related to the products in the Infrastructure from multiple sources and ensure remediation measures are taken on priority;
(c) Ensure all vulnerabilities in the products in the Infrastructure are remediated or controlled as per the represented requirements.
Support for DAM and PAM
(a) Ensure all the activities related to DAM and PAM are completed within the accepted SLA;
(b) Ensure support for all third-party security-related services is managed within the SLA timelines.