AVP / Senior Associate, Cloud Security Engineer, Information Security Services, Technology and Operations
Business Function Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels. Responsibilities
- Evaluate, built, implement and operate security tools for monitoring and securing public clouds (AWS, GCP, Azure)
- Perform risk assessment for business, application and infrastructure use of public cloud
- Participate, perform threat modeling, risk assessment, and recommend information security controls/processes for key projects
- Perform information security due diligence on outsourcing service providers, including conducting site audit of their premise and facilities.
- Explain assessed risk and recommended security controls/processes to key stakeholders including senior management
- Provide guidance and mentoring to less experienced security engineers
- Collaborate with colleagues on information security solutions
- Evaluate, recommend and drive the use of new technologies and processes that will enhance the bank's security strength while balancing user experience and security objectives
- Respond to information security issues during each stage of a project's lifecycle
Apply Now We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements
- Working experience developing applications or managing infrastructure services for public cloud such as AWS and GCP
- Working experience in the information technology domain (computer/mobile application, APIs, container technology such as Dockers, public cloud, data science etc) and preferably in the information security domain
- Experience performing system analysis and design requirements gathering.
- Bachelor's or Master's degree in Computer Science or equivalent
- Professional certification such as CISSP, GIAC GISP will be an added advantage
- Public cloud certifications
- Able to travel on a need to basis
- Possess good technical knowledge in various security tools (end-point, network, authentication etc)
- Good understanding of regulatory requirements (e.g. MAS Technology Risk Management Guidelines, PCI DSS, Personal Data Protection Act)
- Knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
- Able to perform coding on need-to basis to build or enhance existing security solution