Job Description

:

• Identify and implement areas of improvements within IT for better productivity, controls and efficiency on current function and overall IT Operations

IT Security

• Assess the effectiveness of the measures against security risk management plan
• Analyse and correlate information security events to identify appropriate event handling actions
• Monitor digital & cyber security footprint, overseeing all IT Operations and Infrastructure (alerts, logs, security survelliance)
• Lead for security assessments and scanning such as pentest, VA and follow up with risk mitigation
• Define the reporting strategies and metrics for effective communication of PACS IT security program.
• Recommend suitable enhancements to improve information security performance
• Evaluate new requests on cyber & IT security aspects to ensure meeting with our security requirements and posture

IT Assurance

• Manage, monitor and track IT risks, and ensure controls are implemented timely to mitigate the risks
• Proactively identify and escalate any risks to the IT Management
• Responsible for IT\xe2\x80\x99s DRR (Dept Risk Register), IT Risk updates, working with TRM for relevent committees including Risk Committees
• Coordinate with stakeholders on closing any gaps identified from the security metrics to ensure comply with regulatory and corporate policies
• Review and approve privileged ID withdrawal request
• Review metrics of Incident, Change, Problem and Service Request to make sure that SLA are met and drive improvements with Platform owners
• Manage internal, external and regulatory audit related to IT specific requests to ensure timely submission.
• Communicate changes to policies e.g. Group Security changes that will impact IT
• Monitor Dispensations, Pentest and VA closure status
• Work with TRM identify areas for CSA and complete per target timeline.
• Review half yearly user access reviews

Who we are looking for: Competencies & Personal Traits

• Experience in coordination with various stakeholders from technology, business & risk functions
• Experience in supporting IT Audits, MAS TRM, Cyber Hygiene Notice and related regulations
• Experience with implementation or administering of security technologies
• Knowledge on Software Development Lifecycle (SDLC) & Cloud Technology
• Self-motivated and results oriented, including ability to prioritize conflicting demands
• Meticulous with problem analytical skills and willing to be hands-on
• Innovative and creative in developing solutions
• Ability to work effectively with business managers, IT engineering and IT operations staff.
• Strong verbal and written communication skills

Working Experience

• 5 years or more experience working, preferably in Financial services / Insurance industry. At least 2 years in a supervisory position is desirable.
• Familiar with Singapore regulatory IT security requirements, example: MAS TRM, Cyber Hygiene notice.

Following certifications or similar would be beneficial:

• Certified Information Systems Security Professional (CISSP) issued by ISC2
• Certified Information Systems Auditor (CISA) issued by ISACA
• Certified Information Security Manager (CISM) issued by ISACA
• Global Information Assurance Certification (GIAC) issued by SANS
• Certifications in Agile / Scrum, CI/CD, DevSecOps , CCNA, MCSE

Education

• Bachelor\xe2\x80\x99s Degree or diploma in IT / Computer Science/Computing or related.

Language

• Fluent written and spoken English