Job Description

Responsibilities :- 1.Development, Maintenance, Monitoring and Decommission of IT Security Standards (hardening) and Procedures

• Develop, maintain, monitor and decommission of IT security standards and procedures to all relevant stakeholders;
• Work with system custodians/owners on the testing and implementation of the IT security standards and procedures;
• Ensure IT Security standards and procedures remain up-to-date and in compliance with IT Security Policy, laws and regulations, accreditation requirements and industry best practices;
• Ensure key changes (to industry best practices, security benchmarks, hardening checklists, laws and regulations (e.g. MAS, BNM), cyber risks, IT landscape) are monitored and assessed if any impact to IT security standards and procedures;
• Define and compile metrics and dashboards relevant to the development, maintenance, decommission and compliance with IT security standards and procedures.

• Support the system custodians/owners to ensure that systems, applications and processes are aligned to the security standards and procedural requirements;
• Evaluate and make recommendation(s) on IT Security standards, procedures and waivers raised by stakeholders;
• Manage audits and assessments relating to compliance with IT security standards and procedures;
• Evaluate risk profiles of all hardware and software used by the Bank and identify those that require intervention (e.g. develop new or revise existing security standard(s)) in order to raise the compliance levels and security of all hardware and software used by the Bank;
• Lead and manage projects/initiatives related to the development, maintenance, testing, implementation, monitoring and decommission of IT security standards and procedures.

• Communicate and cascade matters relating to IT security standards and procedures to relevant stakeholders;
• Plan and manage engagement with stakeholders to enhance their understanding on IT Security standards and procedures, and obtain feedback for improvement;
• Ensure timely and useful policy advice/ clarification are provided to stakeholders, evaluate and make recommendation(s) on IT Security standards, procedures and waivers raised by stakeholders;
• Ensure necessary processes are put in place, and revised in a timely and agile manner in anticipation of changes to landscape and priorities in order to improve the bank\'s alignment to central policy priorities, to allow exceptions to be handled expeditiously and reasonably, and to remove or contain potential harm arising from non-compliance and breaches.

• Bachelor\xe2\x80\x99s degree in IT or equivalent with at least 3 years of experience in implementation, maintenance, administration, and/or security hardening of IT software and/or hardware (e.g. operating systems, network devices, Active Directory, applications (e.g. mobile, web, client-server), web servers, etc.);
• Experienced in writing and maintaining IT security/hardening policies, procedures, and controls in one or more standards/frameworks;
• Knowledge of Tripwire, Nessus, computer networking concepts and protocols and network security methodologies;
• Knowledge of risk management processes;
• Knowledge of cyber threats and vulnerabilities;
• Experienced in Risk Management in both a compliance and security context;
• Ability to work in a fast-paced environment and the skills to deal with ambiguity;
• Ability to handle multiple competing priorities;
• Candidates with limited experience but with the right aptitude, may also be considered for a junior position.