Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels. Job Summary
We need an experienced technology specialist to join our in-house Information Security Services team in a long-term position. The successful candidate will serve two functions within the company. First, he or she will participate in various bank projects as an information security engineer to perform threat modeling, risk assessment and engineer information security related solutions to support the project; and second, the Information Security Specialist will evaluate and drive the use of new technologies to enhance the security strength of our organization. We’re looking for a responsive, highly productive professional who can work with numerous business and technical employees and vendors to deliver quality project advisory services. Responsibilities
- Participate, perform threat modeling, risk assessment, and recommend information security controls/processes for key projects
- Perform information security due diligence on outsourcing service providers, including conducting site audit of their premise and facilities.
- Explain assessed risk and recommended security controls/processes to key stakeholders including senior management
- Provide guidance and mentoring to less experienced security engineers
- Collaborate with colleagues on information security solutions
- Evaluate, recommend and drive the use of new technologies and processes that will enhance the bank’s security strength while balancing user experience and security objectives
- Respond to information security issues during each stage of a project’s lifecycle
Functional / Technical Competencies
- Working experience in the information technology domain (computer/mobile application, operating systems, database, cloud, big data etc) and preferably in the information security domain with at least 3 years of recent financial industry working experience
- Experience performing system analysis and design requirements gathering. Programming skill and knowledge of data flow diagrams is an advantage.
- Bachelor’s or Master’s degree in Computer Science or equivalent
- Professional certification such as CISSP, GIAC GISP will be an added advantage
- Able to travel on a need to basis
- Regional experience is preferred.
- Possess good technical knowledge in various security tools (end-point, network, authentication etc)
- Good understanding of regulatory requirements
- Knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.
- Able to perform coding on need-to basis to build or enhance existing security solution
- The following will be added advantage:
- Knowledge and working experience of financial security standards such as EMV, PCI DSS
- Experience in securing public cloud deployments such as on AWS, Azure, Ali Baba
- Good networking with other security professionals in the financial industry
We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.