About BCS:
BCS is NETS’ wholly owned subsidiary, and is an entity within the NETS Group. It manages and operates clearing and payment infrastructure for the Singapore Automated Clearing House, including Fast And Secure Transfers (FAST), Inter-bank GIRO (IBG), Cheque Truncation System (CTS), and provides services for PayNow and SGQR Central Repository.
Position Summary:
You will be part of the BCS Security team where you will work in a highly collaborative environment with cross-functional teams.
You will work in the Governance, Risk & Compliance (GRC) team. You are an expert in cybersecurity frameworks, policies and standards. You are part of the line 1.5 team that ensures the organisation’s compliance to the applicable regulatory requirements.
Key Responsibilties:
- Maintain cyber security policies, standards and procedures
- Manage and perform cyber risks and assessments
- Develop cyber risk documents
- Mitigate cyber security risks
- Conduct research on emerging cyber security & risk management trends, issues and alerts
- Track and monitor new security regulatory guidelines, and assess the compliance of and impact to the organization
- Assess the security deviations and risk acceptance raised by other business units
- Review and update cybersecurity risk assessment methodology and conduct cybersecurity risk assessment for critical systems
- Track remediation efforts for security & audit deficiencies
Requirements:
- Degree or Diploma in Computer Science, Computer Engineering or Information Security related fields
- At least 6 years’ of experience working in technology and/or cybersecurity governance
- Working experience in a highly regulated environment is preferred
- Strong understanding and familiarity with regulatory requirements such as IM8, MAS Notice on TRM, MAS Notice on Cyber Hygiene, MAS Technology Risk Management Guidelines, MAS Outsourcing Guidelines and the CSA Cybersecurity Code of Practice
- Strong understanding of NIST Cybersecurity Framework
- Cybersecurity professional qualifications such as CISSP, CISM, CRISC, CISA, GSEC, CCSK or equivalent would be advantageous
- Excellent problem-solving and analytical skills with a keen eye for details
- Good written and communication skills with ability to interact and engage with stakeholders and all levels of management, including non-technical colleagues
- Ability to work well under pressure and respond to tight deadlines
- Keen interest to constantly improve competency with a positive attitude
- Familiar with emerging technologies and possess an interest to stay abreast of industry developments (e.g. DevOps, Cloud, APIs, service-oriented architectures etc).
- Proficiency with application development experience and programming/coding/Powershell scripting will be an advantageous
- Prior experience in implementing Cybersecurity products such as IAM tools is a plus
