Job Description

You will be a member of the Group Information Security Team responsible for ensuring that IT solutions (both applications, infrastructure and cloud) are developed and designed with security inbuilt. The end result of your effort will be IT infrastructure, cloud, systems and applications that are secure-by-design and have preventive and detective security controls inbuilt into it to prevent/detect any security issues.

Key Responsibilities

• Provide leadership within the information security domain through development of practical and appropriate cybersecurity strategies and action plans.
• Provide security consultancy, technical guidance, expertise, solutioning and education.
• Advise application and infrastructure teams on application and infrastructure security design that is relevant and fit for purpose
• Lead and align security architecture frameworks and standards with business strategies and functions.
• Identify and assess cyber risks in the application and network
• Advise and review application security design to detect potential security issues and for each issue, propose and drive remediation tasks.
• Develop application security blueprints.
• Architect and create reusable application framework that mitigates against current and future attack scenarios.
• Perform threat modelling on security critical applications.
• Define scope and review the results of security tests, reviews and audits to ensure security assurance is achieved.
• Keep up to date on emerging security threats and vulnerabilities on new platforms adopted by the SIA Group.
• Propose and/or develop training courses to advance developers’ security knowledge.
• Recommend and drive cyber security solution and initiatives to improve cyber security of the organisation.
• Manage individual project priorities, deadlines and deliverables.
• Maintain Cyber risk management framework and perform assessment of applications for emerging areas like cloud security, machine learning etc.

• Degree in IT or related fields, with at least 10 years in information security, especially in the application security space.
• Professional security certifications (CISSP, CSSLP, CEH etc) preferred.
• Technical proficiency in one or more of the following security areas: network design, zero trust, Internet of Things, cryptography etc.
• Strong in-depth working knowledge in secure application development techniques (design and coding).
• Strong understanding of Agile, DevSecOps and securing cloud technologies.
• Knowledge of cyber security threats, vulnerabilities, hacking and exploit methods etc.
• Strong oral, written, presentation and inter-personal skills.
• Possess positive attitude with drive, initiative, enthusiasm and a keen sense of urgency in resolving high-priority issues.
• Able to work independently and in a team-oriented, collaborative environment.