Job Description

Cr\xc3\xa9dit Agricole CIB is the corporate and investment banking arm of Cr\xc3\xa9dit Agricole Group, the 10th largest banking group worldwide in terms of balance sheet size (The Banker, July 2022).
8,600 employees in more than 30 countries across Europe, the Americas, Asia-Pacific, the Middle-East and North Africa, support the Bank\'s clients, meeting their financial needs throughout the world.
Cr\xc3\xa9dit Agricole CIB offers its large corporate and institutional clients a range of products and services in capital market activities, investment banking, structured finance, commercial banking and international trade.
The Bank is a pioneer in the area of climate finance, and is currently a market leader in this segment with a complete offer for all its clients.For more information, please visit www.ca-cib.comTwitter: https://twitter.com/ca_cib
LinkedIn: https://www.linkedin.com/company/credit-agricole-cib/By working every day in the interest of society, we are a group committed to diversity and inclusion. All our positions are open to people with disabilities.Reference 2024-88920Publication date 22/04/2024Job descriptionBusiness typeTypes of Jobs - IT, Digital et DataJob titleIT Security Officer (Ref 60032)Contract typePermanent ContractJob summaryPosition
IT Security Officer (ITSO)
IT Security Officer role is responsible for managing and supervising Information Technology Security matters for the Bank in Singapore and ensuring that the execution of Information Security activities are in alignment with Banks\' Security Policy and Standards. Person is also in charge of coordination of operational security of Information Systems, conducting Cyber Security Risk Assessment and ensuring effective management of IT Security initiatives in Singapore.Main Responsibilities (not limited to)

• Information Systems in Singapore are in alignment with Groups\' Security Policies and Standards;
• Develop, contribute and establish local Security Policies, guidelines, standards and processes (as applicable) in conformance to Group\'s Information System Security Policies, Governance Texts and local regulatory requirements.
• Conducting Information Security (Cyber) risk assessments to identify Cyber risks, develop and maintain adequate and comprehensive mitigation and deliver subsequent corrective actions when KPI results are unsatisfactory.\\
• Advising business teams, technology teams and leadership on implementing cyber security best practices for managing cyber and technology risks.
• Maintaining oversight on Key Cyber risk/IT Security indicators in scope;
• Maintaining oversight on the deployment of various Security Programs and projects running for the bank in the region.
• Coordinate studies on security requirements for implementing new IT Security solutions and provide consultation support on IT infrastructures and Applications teams
• Ensuring all Security related requests and derogations are reviewed and granted based on Security Risk Assessments;
• Ensuring the Vulnerabilities under the perimeter are managed and mitigated as per the defined Vulnerability Management Process;
• Assist and recommend the Local IT teams to define and implement remediation actions plans derived from audits or security reviews.
• Follow up on IT security related audit recommendation action plans falling under SG or other entities
• Maintain and Publish the Security Dashboard for Singapore for the Security KPIs;
• Supporting the IT Permanent Controls team and CLSi function on technical matters related to IT Security topics;

Ensuring technical security projects for the region are * properly taken into account and effectively delivered;

• Accompanying local IT teams in technical security topics where Security expertise and advices could be needed, to ensure proper implementation of standards and best practices;
• Acting as an entry point for all technical security related matters to assess the overall Information Systems Security;
• Raising operational security needs or constraints, or local constraints, proposing solutions and possible adaptations of standards in case they cannot cover a precise local requirement (for example due to a local regulation);

Supplementary Information

• Helping IT teams in deploying level 1 and level 2.1 controls required by ISS control plans.
• Should be able to take up additional responsibilities as needed for the operations or as assigned by the manager;
• Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer/Compliance Officer.

Maintain appropriate knowledge to ensure to be fully qualified to undertake the role. Complete all mandatory training as required to attain and maintain competence.Position locationGeographical areaAsia, SingaporeCitySingapourCandidate criteriaMinimal education levelBachelor Degree / BSc Degree or equivalentAcademic qualification / SpecialityDegree and above relevant disciplineLevel of minimal experience11 years and moreExperienceCandidate Profile

• Must have a minimum 10 years of relevant experience in IT Security domain;
• Must be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science;
• Must have knowledge of different domains of Information Security;
• Must have prior hands-on experience in governance, managing and operating the Information System Security;

Should have experience in working in first and second line of Cyber defense; * Must have experience in conducting Cybersecurity Risk Assessments, security reviews of IT Projects;

• Must have experience in Security Exceptions management

Ability to apply risk based approach while working on assigned responsibilities; * Experience in defining, implementing, and enforcing enterprise-level Information Security Policies

• Excellent in analytical, communication and documentation skills;
• Must have strong understanding of ITIL processes and comfortable working in process oriented environment;
• Should have time management skills and able to manage work in fast moving environment;
• Should have excellent written and oral English language skills;

Professional Certifications :

• CISSP certification is must
• Any other IT Security or Cyber Risk related certifications are desirable

Work Schedule

• Work Hours: 8.45a.m. to 6. 30p.m (Monday to Friday) with one-hour lunch break.

Cr\xc3\xa9dit Agricole