VP / AVP, Cybersecurity Governance & Compliance, Technology and Operations

Singapore, Singapore

Job Description


Business Function

Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and aspire to delight our business partners through our multiple banking delivery channels.

Responsibilities

The candidate will be responsible for the delivery and implementation of the Bank's cybersecurity risk management and compliance programmes to ensure that the Bank's technology and information assets comply with the relevant cybersecurity regulations.

The candidate will be working with key stakeholders to monitor and implement practices that meet the Bank's cybersecurity risk management policies and standards and ensure that the identified cybersecurity risks are evaluated and adequately addressed and remediated.

The candidate will also be assisting in the update and reporting of metrics on the Bank's cybersecurity compliance posture to the Management and elevating the overall cybersecurity awareness of the Bank. This includes:

  • Working with key stakeholders and counterparts within the Bank to ensure compliance against key cyber and information security legislation and regulations;
  • Identifying, analysing, evaluating and treating cybersecurity risks posed to the Bank's technology and information assets to an acceptable level; and
  • Uplifting the Bank's cybersecurity culture through cybersecurity awareness and continuous education efforts.
Legislation, regulations and policies
  • Assist in the Bank's cybersecurity program including cybersecurity policies, regulatory audits, compliance management, metrics, risk and performance indicators and reporting to senior management;
  • Track and monitor new security regulatory guidelines, and assess the compliance of and impact to the Bank's security policy architecture;
  • Work with regional information security services teams in the core markets to monitor new cybersecurity legislation and/or regulation, and assess the impact against the Bank's security policy architecture;
  • Develop, review and update information security policies and standards to comply against regulatory requirements; and
Cybersecurity risk and compliance
  • Conduct cybersecurity risk assessments by identifying, analysing, evaluating and treating cybersecurity risks to an acceptable level within the Bank;
  • Timely coordination and completion of the Bank's Risk and Compliance programme in the identification and assessment of risk;
  • Monitor cybersecurity risks, map risk profiles and manage the risk register, as well as enhance Key Risk Indicators for reporting to second line of defence and risk management committees;
  • Continuously evaluate cybersecurity controls to ensure their effectiveness, compliance and adherence to policies and standards while driving remediation efforts;
  • Engage Line of Business Technology units to conduct annual cybersecurity risk assessment for key bank systems against regulatory requirements;
  • Ensure timely implementation of corporate operational risk policies and standards within the Unit and assist operations teams to identify, report and address any gaps;
  • Assess the security deviations and risk acceptances raised by Business Units / Support Units; and
  • Engage and liaise with auditors and the information security services teams for cybersecurity related audits.
Cybersecurity awareness
  • Maintain and support the Bank's cybersecurity awareness program to ensure continual elevation of the Bank's cybersecurity culture;
  • Continuously assess and understand the Bank's susceptibility to cyber threats to improve the Bank's cybersecurity awareness through education activities and initiatives; and
  • Maintain contemporary knowledge of trends and technologies and assess applicability to the Bank's environment in the spirit of continuous service and capability improvement.
Requirements
  • Information security professional with five (5) or more years of experience; a background in a financial or technology environment would be preferred.
  • Experience in collation, management and reporting of security metrics such as open security vulnerabilities, penetration testing findings, security alerts and incidents, etc.
  • Experience in information security frameworks including ISO27000, NIST800-53 and regulations such as Cybersecurity Act, Technology Risk Management Guidelines and Personal Data Protection Act.
  • Good working knowledge of enterprise security risk management methods and techniques to successfully deliver the security risk management and assessment outcome.
  • Strong background in security technology solutions including IDS, IPS, anti-virus, content filtering, secure email solutions, network sniffing, log analysis, forensics, and VPN.
  • Good verbal and written communication for the generation of security awareness content.
  • Proactive, analytical, performance-oriented, and independent worker with strong organization skills, and effectiveness to track and follow up on the assigned projects.

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.



Job Detail

  • Job Id
    JD1377426
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned