The incumbent is expected to govern cybersecurity and information security strategy planning, related program and project delivery, incident management, etc. The coverage will span a list of subsidiary entities under the SMBC Group’s Multi-Franchise strategy; these entities are supervised by SMBC Asia Growing Markets Department (AGMD).
Job Responsibilities
- Responsible for executing and maintaining the cybersecurity governance policies, framework, and processes with reference to applicable regulations and internal policies, for the list of entities supervised by AGMD. This responsibility covers areas such as cybersecurity program and project delivery, compliance with regulations and standards, cybersecurity assessment and incident management, security KRIs, etc.
- Collaborate with key stakeholders in each entity to develop and update cybersecurity policies and procedures that align with regulatory requirements, internal policies, and industry standards.
- Ensure compliance with relevant and applicable cybersecurity regulations and standards, such as GDPR, HIPAA, ISO 27001, and NIST, and track changes in the regulatory landscape.
- Coordinate and participate in cybersecurity alerts, assessments and audits, for the list of entities, to evaluate the effectiveness of security controls and recommend improvements.
- Support Group-wide Security Operations Centres in defining incident response plans for the list of entities, including disseminating security alerts, escalating security incidents, and tracking all tasks for execution and closure. Through this participation, conduct thorough cybersecurity risk assessments to identify and evaluate potential threats, vulnerabilities, impact on organizational assets, recovery from cybersecurity incidents, etc.
- Develop and implement risk mitigation strategies and action plans to address identified vulnerabilities and reduce the overall cybersecurity risk posture.
- Define and track key cybersecurity metrics to measure the effectiveness of risk management activities and prepare regular reports for senior management.
- Implement continuous monitoring processes to proactively identify and address emerging cybersecurity threats and vulnerabilities.
Job Requirements
- Bachelor’s degree in IT or equivalent with a min. 12 years of working experience with good knowledge and experience of cybersecurity and information security risk management, preferably within the Financial Services sector.
- Solid information technology and security knowledge of relevant financial services regulations and policies of Singapore and Asia region.
- Experience in Cybersecurity and Information Security Governance Reviews, Controls Testing and Assurance.
- Good understanding of the overall cybersecurity operational processes in the financial services industry.
- Proven ability to understand, identify, analyze, and communicate the operational risks within processes, in a structured and logical approach.
- Proven experience in applying legal/regulatory guidance into solving practical problems.
- Strong decision-making skills, with the ability to demonstrate sound judgement.
- Strong problem-solving and numerical skills, and well-versed in interpersonal communication and presentation skills.
- Ability to manage and prioritize large workloads and deliver within tight deadlines.
- Ability to appreciate diverse cultures and facilitate smooth communications between HQ, Singapore office and entities.