Astek is offering a role of Application Security Consultant for one of our project based in Singapore.
Security Architecture:
- Plan, research, and design security architectures for IT systems
- Review and approve security requirements for applications and IT setup
- Ensure compliance with security architecture standards, including third-party and cloud security risks
- Protect Wealth Management business data and assets with adequate security levels
- Identify and manage IT security risks proactively
- Provide regular security reports to management
Security Projects
- Participate in and track various initiatives aimed at enhancing Wealth Management's security stance
- Monitor and report progress on these initiatives to management
- Identify, document, and report IT risks identified during these initiatives
Security compliance
- Align with Group and Wealth Management GAIM security policies for project and production assets
- Ensure compliance with regulatory requirements from APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA), and others
- Utilize deep knowledge of security standards like NIST, CIS, ISO2700x to ensure IT security requirements compliance
- Ensure compliance with third-party technology risks and cloud security regulations
Data Management and Data analytics/science technologies
- Stay updated on data security and protection regulations and measures
- Familiarize with data analytics and data sciences technologies, including standard practices and cloud solutions
- Implement Data Management, Data analytics, and data science solutions in line with Group security architecture requirements (e.g., Tableau, PowerBI, AI, R, Python, DevSecOps, API management)
- Proactively identify, document, and follow up on IT security risks
- Provide regular security reports to management
Coordination activities
- Align with objectives and contribute to global reporting (e.g., WM Cybersecurity Committee, WM Project Architecture, Security validation committees, Application Security Dashboard)
- Coordinate with Global security teams for integrating WM assets into production sites
- Stay updated on IT Security initiatives within the Group and engage with other IT Security stakeholders
Security Posture
- Take part in deploying new security practices and DevSecOps pipeline
- Ensure adherence to SSDLC practices
- Contribute to awareness and training activities
- Report on identified risks and security deviations
Requirements:
- Strictly 5-8 years' experience in information security and IT risk management.
- Experience in evaluation and design of technical architectures and processes
- Functional as well as technical knowledge of the common architecture and Cybersecurity frameworks and solutions
- Proficient in network protocols, connectivity, Firewall, and Internet technologies
- Familiar with secure application design, DevSecOps tools, and CI/CD practices
- Skilled in secure access control, encryption, and key management techniques
- Technical expertise in various operating systems (Linux, Windows, AS400) and databases (Oracle, MSSQL, PostGreSQL, MongoDB)
- Knowledgeable about digital transformation, mobile technologies, Cloud (Containers Docker, Kubernetes), and emerging technologies like NFT and encryption
- Familiarity with OAuth, Single Sign-On, API-based approaches, TDD, BDD
- Understanding of standard IT security concepts, methodologies, cybersecurity threats, and remediation
- Proficient in IT Security Risk Assessment and Risk Management
- Knowledgeable about banking regulations, especially in the international and APAC regions, and specific to Wealth Management