SVP, DevSec Ops Manager, Investment & Trading Technology, Technology and Operations

  • Competitive
  • Singapore
  • Permanent, Full time
  • DBS Bank Limited
  • 25 Apr 19

SVP, DevSec Ops Manager, Investment & Trading Technology, Technology and Operations

Business Function

Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Purpose

This candidate will lead the onboarding to multiple Security platforms: SAST (Fortify), DAST (WebInspect), Third party risk (open source and propriety). They will also provide advisory to project teams on software security and platform related topics

Accountabilities

  • Lead the support of SAST, DAST, OSS Risk platforms
  • Provide expertise to drive the bank-wide standardisation of software security tools usage, around industry leading practices, and support the adoption.
  • Lead the onboarding to SAST,DAST, OSS Risk platforms
  • Improve the core security knowledge of the team in order to support the onboarding to the platform
  • Provide Security requirements and security testing advisory to the project teams


Responsibilities

  • Support the Software Security Initiative in driving the transformation of application security across the Bank
  • Support the team in the design and build the DevSecOps toolchain.
  • Support the onboarding to the SAST and DAST platforms and Open Source Software Risk platform
  • Conduct software security trainings and/or "Office Hour Talks" on a periodic basis
  • Occasional travel (quarterly) to regional office in DBS India is required


Requirements

  • Approx. 5 years' experience in an application development role, of which at least 2 years should be in an application security capacity
  • Good understanding of Secure SDLC (or "Secure By Design") framework
  • Knowledge and hands-on experience with SAST/DAST tools
  • At least 1 year experience with Security Testing and/or Penetration Testing
  • Experience with IAST, Open Source Software Scanning tools is an advantage
  • Either possessing CISSP/CSSLP or equivalent certification, or is a candidate to achieve the certification(s)
  • Able to work with technology experts at all levels of the hierarchy with credibility
  • Open to new ideas and prepared to innovate - showing flexibility