VP, Lead Security Engineer - Project Advisory, Information Security Services, Technology and Operations
Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.
Responsibilities
• Participate in and perform threat modeling and risk assessment, and recommend information security controls/processes for key projects
• Perform information security due diligence on outsourcing service providers, including conducting site audits of their premises and facilities.
• Explain assessed risk and recommended security controls/processes to key stakeholders including senior management
• Build and maintain security tools for securing the use of public cloud e.g. AWS, GCP
• Provide guidance and mentoring to less experienced security engineers
• Collaborate with colleagues on information security solutions
• Evaluate, recommend and drive the use of new technologies and processes that will enhance the bank's security strength while balancing user experience and security objectives
• Respond to information security issues during each stage of a project's lifecycle
Requirements
• Working experience in performing information security risk assessment and threat modelling
• Working experience in the information technology domain (computer/mobile application, APIs, container technology such as Docker, public cloud, data science etc.) and preferably in the information security domain
• Experience performing system analysis and design requirements gathering.
• Bachelor's or Master's degree in Computer Science or equivalent
• Professional certification such as CISSP, GIAC GISP will be an added advantage
• Able to travel on a need-to basis
• Possess good technical knowledge in various security tools (end-point, network, authentication etc)
• Good understanding of regulatory requirements (e.g. MAS Technology Risk Management Guidelines, PCI DSS, Personal Data Protection Act)
• Knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
• Able to perform coding on a need-to basis to build or enhance existing security solutions
• The following will be an added advantage:
- Knowledge and working experience of financial security standards such as EMV, PCI DSS
- Working experience developing applications or managing infrastructure services for public cloud such as AWS, GCP, Azure, MS Office365
- Public cloud certifications
We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.