Job Responsibilities:
The TISO Third-party Cybersecurity Specialist is responsible for conducting cybersecurity assessments of third-party service providers, approving the Bank’s new product offerings, and supporting the businesses as the subject matter expert on cybersecurity for third-party engagements. The candidate will also work with other peers in the team to support OCBC Group and its subsidiaries, with the aim of enhancing the Bank’s overall cybersecurity posture and maintaining the trust of customers in an increasingly interconnected business environment amidst an evolving cyber threat landscape involving supply chain attacks.
Description
- As a subject matter expert, perform assessment of third-party service providers’ cybersecurity posture and identify potential security risks from third-party engagements, in accordance with the Bank’s security standards.
- As a subject matter expert, assess the security and identify potential security risks arising from new product offerings, in accordance with the Bank’s NPAP requirements.
- Collaborate closely with businesses and the Bank’s Third-Party Risk Management (TPRM) team to ensure security risks are identified and communicated so that the business can make an informed decision.
- Review and enforce information security policy, standards and guidelines for IT business application and infrastructure projects.
- Identify IT security risks and conduct security assessments for IT business application and infrastructure projects.
- Undertake new security projects to improve the security controls, efficiency and ease of use.
- Review and document assessment and remediation activities following established processes and procedures.
- Continuously formulate, maintain, and enhance assessment approach, questionnaire and procedure.
- Continuously focus, strategise and provide recommendations to improve the effectiveness of processes and programs.
- Perform reporting and tracking of work deliverables.
- Keep abreast of emerging third-party security threats and technologies to understand the evolving risk and better safeguard the organization.
Job Qualifications
- Degree in IT, Computing, Cyber Security or Computer studies, or the equivalent in related experience (IT Security, Controls and Risk Management).
- Minimum 5-10 years of relevant working experience in Cybersecurity/IT Security Audit. IT Security/Project Security Assessment experience preferred.
- Experience in industry standards and regulations such as MAS TRM, OSPAR, ISO 27001, SOC2 Type 2, PCI-DSS, NIST, etc.
- Knowledgeable in compliance with MAS TRM, ABS, BNM, HKMA, CBRC, etc., guidelines and regulatory notices.
- Strong understanding of the Banking industry information security policy and standards, regulatory and industry trends, good practices in providing practical and appropriate recommendation, resolution and remediation options to the businesses.
- Ability to multi-task and work independently with minimum supervision as well as part of an assessment team.
- Ability to leverage attention to detail and analytical skills.
- Excellent written and verbal communication and interpersonal skills, with a good command of English.
- Certification in CISSP, CCSP, CISA or CRISC would be preferred.
- Knowledgeable in IT controls, application security and risk management methodology.
- Knowledgeable in cryptographic algorithms/functions and key management.
- Knowledge of application penetration testing methodologies, such as OWASP, will be an advantage.
- Familiarity with Digital Banking and FinTech solutions will be an advantage.