Responsibilities
• Understand the current system security measures and implement security enhancements in line with the organization's goals and objectives
• Conduct regular system tests and audits, validating and verifying that technical controls minimize risk
• Good understanding of business requirements; identify key security requirements and articulate them to the business effectively and efficiently in terms of actual risk, safeguards and risk management
• Good understanding of guidelines such as MAS TRM, ISO and NIST standards or equivalent
• Good knowledge of Security Incident Response and runbook preparation for emerging and new threats, applying safeguards where possible to minimize the threat.
• Sound understanding of ransomware, XSS, injection and other similar attacks
• Participate in various business meetings to understand the entire data flow and recommend security solutions to mitigate the concerns/risks
• Good knowledge and understanding of encryption technologies (both symmetric and asymmetric algorithms) and their applications
• Participate in various compliance programs, audit the reports and make recommendations so that they reflect the accurate security posture on which business decisions are made
• Establish and oversee a formal vulnerability and testing program.
• Oversee the patch cycle and ensure that patches are performed at regular intervals
• Participate in Account Recertification programs and be a key player, taking ownership of and signing the forms required for security exceptions
• Liaise with Internal Audit, Corporate Compliance, Office of General Counsel and Risk.
• Conduct security awareness campaigns across the organization on topics such as phishing and data leakage.
• Work with management to remediate new and outstanding issues; track security-related issues in the GRC system.
• Participate in design activities and provide various solutions to ensure security is not compromised at various phases of the program lifecycle
• Recommend and provide templates where possible for end users to assist in minimizing the security risks
• Train other staff and external clients as necessary.
• Manage, coach, lead and develop a small/mid staff of GRC personnel.
• Directly responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.
• Establish and oversee formal risk analysis and self-assessments program for various Information Services systems and processes.
Requirements
• Degree in IT / Computer Science / related discipline with 12-15+ years of relevant experience in Cyber Security.
• Should have played a Security Lead role in a Transformation and Operate program.
• Experience in industry frameworks such as ABS, SSAE, SOC2 etc.
• Good understanding of the following:
• Infrastructure and Network security, Cloud Security, Identity and Access Management, Privileged Access Management (CyberArk), Banking Regulatory compliance (BFSI), HIPAA, PCI and the NC Identity Theft law, Firewall security, IDS/IPS placement, SIEM tools, Wireless Security, Endpoint security, Data Loss Prevention, Web Application Security, Threat Hunting/Threat Intel
• Familiarity with industry compliance and security standards including MAS TRM, HKMA, PCI DSS, ISO 27001 and NIST
• Working experience in Cyber Security SecOps
• Customer focused, with strong written and verbal communication skills
• Able to multi-task and prioritize incidents & requests accordingly.
• Strong analytical skills with a natural ability to solve complex issues.
• Industry and Technology certifications such as CRISC, CISA, CISSP, CISM, CEH
• Excellent customer interfacing skills.
Licence No: 12C6060