Up to SVP, Information Security Officer - GIS

  • Competitive
  • Singapore
  • Permanent, Full time
  • Bank Of America / Merrill Lynch
  • 26 Sep 16

Job Description:
The Information Security Officer will be a member of the Regional Information Security Officer's (RISO) organization for APAC covering Global Banking and Markets. The role works closely with the Sr. Information Security Officers and Business Information Security Officers, and is a major contributor to the Global Banking and Markets Chief Information Officers (CIOs)/Chief Technology Officers (CTOs) teams in developing a strong information security risk-based program. This relationship will ensure a focus on the appropriate risk priorities for the Bank and the business. The Information Security Officer will report into the APAC RISO team within the Global Information Security organization.

As an experienced Information Security professional, provide advice to Global Technology & Operations (GT&O) and line of business (LOB) management with regard to complex security issues;

Responsibilities
Assists in the development, testing, implementation and review of security plans, products and control techniques.
Provides technical support to the GT&O management and staff in risk assessments and implementation of appropriate data security procedures and controls;
Monitors existing and proposed security standards, local legislation and regulations;
Identifies and escalates changes that will affect information security policy, standards and procedures;
Executes security controls to prevent theft or disclosure of company information.
Administers security policies to control access to systems and secured network perimeter.
Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors;
Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criteria for obtaining results to protect the bank's assets;
Provides work leadership by assigning work and resolving problems;
Serves as point of contact responsible for managing audit engagements impacting Global Information Security (GIS)

Other Responsibilities
Drives GIS/LOB risk deliverables. Collaborates with risk partners on critical information security priorities;
Identifies and measures global information security (GIS) controls on most critical business processes or channels;
Performs quality control and management reporting;
Monitors information security trends internal and external to the bank and keeps LOB leadership informed about information security-related issues and activities affecting the organization;
Acts as a point of contact to the LOB during information security incidents;

The Information Security Officer will focus / should demonstrate knowledge and experience in the following areas (prior hands-on experience preferred):
Contribute to ongoing information security initiatives and improvements, including the development, implementation and maintenance of information security for the line of business (LOB);
Possess a strong development and/or application security background, with solid knowledge of the SDLC from design, testing and deployment to post-production, and the different risk elements associated with each step;
Worked on the development of systems that require identification and authorization of users;
Implementation and/or management of encryption for applications: either the transmission of data or the storage of data, and/or the management of the keys and certificates to protect the information/communication;

Required Skills:
Strong technical background in application, data, network and server infrastructure;
Competent in applying technical knowledge to perform security risk assessments, and articulate controls requirements to mitigate identified gaps;
Proven risk management experience identifying, analyzing and communicating business and security-related risks to the organization and corporate program;
Must display subject matter experience in either application security, vulnerability testing, system testing, network security, systems security and/or Agile lifecycle management;
1-2 years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments;
Maintain a broad understanding of regional laws and regulatory requirements relating to information security and privacy, industry best practices, exposures, and their impact to the business;
Experience in technology auditing and working with senior management is an advantage;
Experience in giving presentations with good interpersonal, communication and influencing skills;

Desired skills:
An experienced Information Security professional with at least 5-8 years in information technology security related activities, such as risk management, security design, implementation and testing;
Good working knowledge of governance, risk management and compliance routines and control processes;
Financial institution knowledge or strong LOB knowledge/experience for the type of business (e.g. Global Markets, Global Wholesale Banking, etc.) is strongly desired;
Strong background in modern programming languages (such as Python, Ruby, or Java) preferred but not essential;
Has good initiative and is able to work independently with minimum supervision;

Posting Date: 21/04/2016
Location: Singapore - Singapore

Full / Part-time: Full time