1. Involve and complete the review of IT processes, controls and mitigation plans, both internally and at
our outsourced service providers (OSP).
2. Advise and promptly apprise key stakeholders or process owners of all key IT risk, control or
regulatory issues arising during the assessments.
3. Develop, deploy or simulate technical test cases, and/or POC, and follow up on control issues for
proper implementation, at the same time, develop a mechanism/solution to ensure the issue is also
adequately addressed across function and locations.
4. Collaborate with security architecture and engineers, infrastructure and applications teams and
vendors to identify innovative security as well as controls and actively apply these solutions to
advance Group security and controls posture in our internal processes and outsourced vendor
5. Review operations within OSP’s environment in line with global IS security standards, guidelines, and
procedures for ensuring high levels of integrity, confidentiality, and availability of all IT resources.
6. Identify security operations gaps, vulnerabilities, associated risks and mitigation strategies in our
internal and outsourced vendor environment
7. Liaise with auditors and regulators.
1. Prior experience in either banking, IT risk management, security-related or IT audit (preferred)
2. IT professional with good understanding of technology platform and solutions;
3. Familiar with technical security solutions surrounding various technologies such as but not limited to:
- IDS, IPS, firewall management, antivirus, content filtering, secure email solutions, network sniffing,
- log management & analysis, forensics, VPN, load balancing, routing, switching and network management
4. Experienced IS security professional with experience and exposure to DevOps, open source development and cloud technologies (preferred)
5. Up to date with open-source development environments & tools preferred, using tools & techniques
relating to searches, data manipulation & movements, etc.