Job Description

Crxc3xa9dit Agricole CIB is the corporate and investment banking arm of Crxc3xa9dit Agricole Group, the 10th largest banking group worldwide in terms of balance sheet size (The Banker, July 2022).
8,600 employees in more than 30 countries across Europe, the Americas, Asia-Pacific, the Middle-East and North Africa, support the Bank's clients, meeting their financial needs throughout the world.
Crxc3xa9dit Agricole CIB offers its large corporate and institutional clients a range of products and services in capital market activities, investment banking, structured finance, commercial banking and international trade.
The Bank is a pioneer in the area of climate finance, and is currently a market leader in this segment with a complete offer for all its clients.For more information, please visit www.ca-cib.comTwitter: https://twitter.com/ca_cib
LinkedIn: https://www.linkedin.com/company/credit-agricole-cib/By working every day in the interest of society, we are a group committed to diversity and inclusion. All our positions are open to people with disabilities.Reference 2025-96523Publication date 06/02/2025Job descriptionBusiness typeTypes of Jobs - IT, Digital et DataJob titleCybersecurity Engineering SpecialistContract typePermanent ContractJob summaryPositionWe are looking for a Cybersecurity Engineering Specialist with expertise in Security Engineering and Risk Management. Joining the IT Security Officer team within the Chief Information Security Officer (CISO) department, you will focus on reviewing and assessing the security of our corporate desktops, servers, infrastructure applications and networks. Your responsibilities will include policy enforcement, risk management and cyber risk assessments, ensuring alignment with internal information security policies, standards, and external regulatory requirements. This role requires a strong understanding of security best practices, knowledge in Cloud technologies, and hands-on experience with enterprise security tools and frameworks. You will collaborate with the Credit Agricole CIB security community across ASIA and with other global entities.Main Responsibilities1. Security Engineering
Ensure security requirements are incorporated early into the systems development lifecycle of the enterprise IT infrastructure, systems, and applications.
Ensure governance through regular review, reporting and monitoring to ensure compliance with Policies and Standards, and alignment with regulatory requirements.
Evaluate and recommend security tools, technologies, and frameworks to strengthen the security posture of the bank.
Collaborate with stakeholders including IT infrastructure, DevOps, and application teams to ensure security measures and best practices are integrated throughout the development lifecycle of financial applications and services.
Prepare RFQ and evaluation criteria, Proof of concept (POC) during product evaluation. Consulting with vendors to implement security solutions.
Stay updated on emerging security threats and proactively provide solutions to safeguard IT systems from evolving risks.
2. Governance and Risk Management
Conduct Cybersecurity Risk Assessments on IT systems and/or applications. (on-premises and cloud infrastructure).
Ensure security measures described in the risk analysis of IT projects are properly implemented.
Ensure that the audit on the Information systems has security measures in place that comply with the security policies and standards.
Identify gaps, deficiencies, or deviations on the implementation of the controls and analyse areas for improvement.
Collaborate with cross functional teams to provide evidence and insights during internal and external audits.3. Identity and Access Management (IAM)
Ensure Identity Access Management (IAM) policies around access management such as Role-based access control (RBAC), password management, Privileged access management (PAM) comply with security policies and standards.Supplementary Information4. Data ProtectionEnsure the implementation of data protection strategies are aligned with regulatory and operational requirements of the banking sector. This includes data classification, encryption, and key management (HSM, KMS).
Ensure the implementation of data loss prevention (DLP) solutions is adequate to mitigate the risk of unauthorized access, leakage, or alteration of critical data.
Ensure data access controls that are implemented follow security policies and standards, and regulatory requirements.5. Collaboration and SupportWork closely with cross-functional teams such as IT infrastructure, DevOps and Risk management including technology and business stakeholders, to ensure that security requirements are incorporated into system designs and day-to-day operations.
Ensure security training and awareness is provided within the bank to foster a culture of vigilance and proactive security.
Pro-active self-starter demonstrates initiative and works independently with minimum supervision.
Able to work independently and in a collaborative environment.Position locationGeographical areaAsia, SingaporeCitySingapourCandidate criteriaMinimal education levelBachelor Degree / BSc Degree or equivalentAcademic qualification / SpecialityEducation

• Bachelor's Degree in Computer Science, Information Technology or equivalent.
• Minimum of 5-7+ years of experience in Information Security, Governance or Risk Management.

Professional Certifications: CISSP, CISM, CISA, Cloud or equivalent (preferred). * Experience in the financial services sector is highly desirable, with a strong understanding of the banking regulatory environment.Level of minimal experience6-10 yearsExperienceRequirementsxc2xb7 Minimum of 5-7 years of experience in cybersecurity domain, with a focus on securing enterprise information systems, network security or cloud security.xc2xb7 Experience in the financial services sector is highly desirable, with a strong understanding of the banking regulatory environment.xc2xb7 Proficiency with security tools: IPS, VPN, Proxy, AV, EDR, vulnerability management.Technical Skillsxc2xb7 Hands-on experience such as network security, endpoint, EDR and data encryption.xc2xb7 Strong understanding of SIEM, network security, incident response, and threat detection and response.xc2xb7 Knowledge of software development lifecycle (SDLC), DevOps and integration with security assessment xe2x80x9cShift Leftxe2x80x9d is preferred.Soft Skillsxc2xb7 Analytical mindset with the ability to identify complex security challenges and devise effective solutions.xc2xb7 Effective communication skills, capable of engaging both technical and non-technical stakeholders in a clear and concise manner.xc2xb7 Meticulous, with a proactive approach to identifying and mitigating potential security risks.xc2xb7 Ability to work independently as well as part of a collaborative, cross-functional team.

Crxc3xa9dit Agricole