Technology Information Security Manager for OPS
Reporting to the Head of Business Services, the role supports the Technology Information Security Office in the development, implementation and maintenance of the governance framework and technology information security strategies and standards, with the purpose of protecting the Company's and its customers' information and technical assets. This role is responsible for identifying, evaluating and reporting on key risk metrics, and for aligning the security posture of the organization across its subsidiaries in a manner that supports effective management oversight of security governance and operations at the Company level.
This role also provides advisories and manages IT application and infrastructure projects across OCBC Property Services.
Key Responsibilities:
Policy & Communications
Oversees and manages the following functions under the "Policy & Communications" team:
- Ensure technology information security standards, guidelines and procedures are up-to-date.
- Obtain feedback and buy-in from stakeholders and approval from the Group for new and material changes to the governance framework and technology information security strategies and standards.
- Drive work streams to align the Company's security framework and standards.
- Run regular meetings to report on departmental key risk metrics, project status and state of alignment to support effective management oversight of security governance and operations at the Company level.
- Provide risk management reports and metrics and any other ad-hoc management reporting as required.
- Manage cyber threat alerts and advisories from regulators and other relevant sources to ensure prompt dissemination and follow-up.
- Raise employee awareness through publications on emerging threats.
- Provide support to internal, external and regulatory audits on technology information security, and ensure committed action items to audit observations are closed in a timely manner.
Application & Infrastructure
Oversees and manages the following functions under the "Application & Infrastructure" team:
- Develop, implement and maintain risk assessment methodologies, processes and procedures.
- Conduct risk assessments on application and infrastructure systems to identify and address risk areas and non-compliance with technology information security standards and regulatory requirements.
- Keep abreast of new and emerging technologies, such as cloud computing and tokenization, and articulate their associated risks in a practical and business context.
- Manage vulnerability assessment, penetration testing and secure code reviews to ensure identified vulnerabilities are assessed appropriately. Ensure that the necessary mitigation and remediation measures are in place to address the risks.
- Manage IT outsourcing risks through due diligence reviews on outsourced service providers to ensure that the engagement is in compliance with regulatory requirements and industry guidelines.
- Establish and provide metrics to reflect the team's performance on a regular basis.
- Manage IT projects and work with internal and external stakeholders on project delivery.
- Serve as the escalation point for issues faced by the teams.
- Accountable for departmental KPIs on risk, service, people and finance within the area of responsibilities.
- Collaborate with other departments on projects or work streams in the area of IT risk management.
- Prepare and deliver presentations to management as required.
- Initiate and lead process improvement and realignment initiatives to improve the effectiveness and efficiency of existing processes and procedures. Monitor the schedule and scope to ensure they remain on track.
- BSc/BA degree in related technical and security disciplines.
- At least 5 years of working experience in information security and IT project management.
- Certifications in information security would be advantageous.
- Strong knowledge in information security principles and IT controls, technology risk management and outsourcing risks.
- Familiarity with regulatory requirements and industry guidelines.
- Demonstrated ability to inspire effective teamwork.
- Ability to articulate security requirements in the business context and challenge the evidence provided to substantiate the review.
- Resourceful and able to engage the various stakeholders to drive outcomes and discussions around new initiatives.
- Excellent communication, planning and organization skills.
- Demonstrated experience in business process re-engineering is an advantage.