AVP / Snr Assoc , Lead Security Engineer - Project Advisory, Information Security Services, Technology and Operations
Business Function Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels. Job Summary We need an experienced technology specialist to join our in-house Information Security Services team in a long-term position. The successful candidate will serve two functions within the company. First, he or she will participate in various bank projects as an information security engineer to perform threat modeling, risk assessment and engineer information security related solutions to support the project; and second, the Information Security Specialist will evaluate and drive the use of new technologies to enhance the security strength of our organization.
We're looking for a responsive, highly productive professional who can work with numerous business and technical employees and vendors to deliver quality project advisory services. Responsibilities
- Evaluate, built, implement and operate security tools for monitoring and securing public clouds (AWS, GCP, Azure)
- Perform risk assessment for business, application and infrastructure use of public cloud
- Participate, perform threat modeling, risk assessment, and recommend information security controls/processes for key projects
- Perform information security due diligence on outsourcing service providers, including conducting site audit of their premise and facilities.
- Explain assessed risk and recommended security controls/processes to key stakeholders including senior management
- Provide guidance and mentoring to less experienced security engineers
- Collaborate with colleagues on information security solutions
- Evaluate, recommend and drive the use of new technologies and processes that will enhance the bank's security strength while balancing user experience and security objectives
- Respond to information security issues during each stage of a project's lifecycle
Functional / Technical Competencies
- Working experience developing applications or managing infrastructure services for public cloud such as AWS and GCP
- Working experience in the information technology domain (computer/mobile application, APIs, container technology such as Dockers, public cloud, data science etc) and preferably in the information security domain
- Experience performing system analysis and design requirements gathering.
- Bachelor's or Master's degree in Computer Science or equivalent
- Professional certification such as CISSP, GIAC GISP will be an added advantage
- Public cloud certifications
- Able to travel on a need to basis
Apply Now We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.
- Possess good technical knowledge in various security tools (end-point, network, authentication etc)
- Good understanding of regulatory requirements (e.g. MAS Technology Risk Management Guidelines, PCI DSS, Personal Data Protection Act)
- Knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
- Able to perform coding on need-to basis to build or enhance existing security solutions.