Lead Information Security

Job Description

Title: Lead Information Security

Company Name: ASAI Management Services Limited

Vacancy: 1

Age: Na

Job Location: Dhaka

Salary: Negotiable

Experience:

• At least 8 years
• The applicants should have experience in the following business area(s): Investment/Merchant Banking, IT Enabled Service, Group of Companies, Financial Consultants

• Bachelor of Science (BSc) in Computer Science & Engineering
• Bachelor of Science (BSc)

Certifications (preferred):

▸     Security: CISSP / CISM / GIAC (e.g., GCIH) / CEH (or equivalent).

▸     SOC/IR: incident response or SOC analyst certifications are an advantage.

▸     Cloud/SIEM/EDR vendor certifications (e.g. Microsoft365) are an advantage.

• At least 8 years
• The applicants should have experience in the following business area(s): Investment/Merchant Banking, IT Enabled Service, Group of Companies, Financial Consultants

▸     Security Skills: Firewall Configuration, Policy Creating, Access Control List (ACL), VPN, SSL VPN, IPSEC VPN, URL filtering, Application Control, Web Application firewall operation, Privilege Access Management (PAM), SIEM, Two factor authentication, (2FA), VAPT tools, Load Balancing, Bandwidth Control, SSL Certificate report and log monitoring, regular configuration Backup and restore. Centralized Antivirus Operation, report, Control, Group Management. Web SSL certificate deployment etc.

▸     System Deployment Knowledge: Installing and configuring Windows Server, Operation, Log/Event Check, Monitoring, data backup, OS update etc. Managing Clustered System, Guest VM monitoring. Good understanding of Virtualization, System Design, Plan, MPIO, ISCSI etc.

▸     Network-System Design: Making Network Diagram, Creating and Making IP Plan, Product Selection for network, server and consumer products.

▸     Networking Skills: Layer 2 and Layer 3 Switch configuration, Skills on SSH, VLAN, Inter VLAN Routing, Spanning Tree, Routing Protocol (static and dynamic), Device Hardening, GRE Tunnel, IPSec VPN, Interfaces, Device Configuration backup and restore etc.

▸     Licensing and Subscription: Windows OS (Server and PC) licensing, Microsoft Office Licensing, Antivirus and Firewall Subscription, Cisco Webex, SSL Certificate and other software’s license and subscriptions.

▸     Product Knowledge: Cisco Layer 2 and Layer 3 Switches, Router, Fortinet Firewall, Dell Server, NetApp storage, Mikrotik Router, Product Licensing, RMA, Warranty information.

▸     Server and Storage: Understanding Server and Storage administration in SAN and NAS architecture

▸     Virtualization: (Hyper-V/VMware), Virtual machines create Operation etc.

▸     Cloud Computing Skills: Knowledge regarding cloud services such as AWS, Azure etc. Cloud DC/DR solution. Operational Skills on Azure Site Recovery.

▸     Knowledge of information security management frameworks, such as ISO/IEC 27001 and NIST CSF.

ASA International is one of the world’s largest and fastest growing international microfinance banking institutions offering socially responsible loans to underbanked, low-income female micro-entrepreneurs in Asia and Africa (“ASA International” or the “Group”). ASA International promotes financial inclusion and has successfully shown that access to financial services helps to reduce poverty and promotes social-economic progress for its predominantly female client base.

ASA International has a premium listing on the main market of the London Stock Exchange and serves close to 2.3 million customers across 13 countries in Asia and Africa. It has corporate head offices in Amsterdam, the Netherlands as well as in Dhaka, Bangladesh.

ASA International provides small loans ranging from USD 250 to USD 2,000. Almost all customers are women that run small businesses, from small shops, restaurants, sewing businesses, to various trading activities and cottage industries.

Increasing financial inclusion and promoting social and economic development of our clients and their communities is at the heart of ASA International’s mission.

▸     SOC Operations & Governance: Establish and run SOC processes (24/7 or 8x5 + on-call), shift handovers, case management standards, and escalation paths.

▸     Incident Response Management: Lead and coordinate incident response activities across entities; run incident bridges, ensure evidence capture, and drive root-cause analysis and post-incident reviews.

▸     Stakeholder Management: Interface with local IT teams, Risk/Compliance, and senior management; provide clear updates during incidents and routine operational reporting.

▸     Detection & Monitoring Oversight: Ensure high reliability alerting by overseeing SIEM content, use-case coverage (e.g., privileged access abuse, malware, suspicious logins, data exfiltration), and noise reduction.

▸     Platform Ownership (oversight): Ensure SOC tooling health and coverage (SIEM, EDR/XDR, email security, identity logs, network/security devices), including onboarding of critical log sources and maintaining documentation.

▸     Threat & Vulnerability Alignment: Work with Vulnerability Management and relevant teams to ensure detection and response is aligned to critical vulnerabilities, emerging threats, and risk priorities.

▸     Quality Assurance: Review investigation quality, closure codes, and adherence to SOPs/playbooks; coach analysts and enforce consistent standards.

▸     Metrics & Continuous Improvement: Own SOC KPIs (MTTA/MTTR, alert-to-incident ratio, false positive rate, coverage), drive improvements, and support audit/regulator evidence requests.

▸     People Leadership: Train and mentor L1/L2 analysts; manage performance goals, shift rotas, and professional development.