- Responsible for providing information security recommendations and risk assessments; perform regular security assessment and penetration test and govern outsourcing service providers
- Design, develop and update Information security policies, standards and guidelines.Promote security awareness within the Group.
- Research security standards, security systems and authentication protocols.
- Analyze and report to management, and investigate into any non-compliance of risk management policies and protocols.
- Involve in project teams on developing a new system for the bank. Provide solution and advices related to security of the system, network and IT infrastructure.
- Perform risk analyzes on existing security infrastructure and implement security enhancements.
- Implement systems and procedures to enable digital forensics capabilities.
- Develop technical requirements and controls for network, system and data security.
- Provide technical guidance to systems and network team regarding security configurations.
- Participate in developing, tuning and implementing threat detection analytics.
- Communicate the risk management standards, policies and procedures to stakeholders.
- Define appropriate framework for cybersecurity monitoring.
- Analyze cybersecurity incidents and make recommendation on remediation actions.
- Collect data on cybersecurity related risk, attacks, breaches and incidents.
- Investigate security incidents by gathering evidence and reviewing system logs / audit trails.
- Prepare and conduct security awareness training to the bank.
- Conduct regular security assessment on the system, network and IT infrastructure used by the bank.
- Play a governance role on the IT outsourcing service providers and perform regular security assessment on IT outsourcing service providers.
- University graduate in Computer Science / Information Technology or equivalent
- Banking exposure is essential
- Over 6 years of relevant work experience in information security / cybersecurity
- Solid experience in performing vulnerability scanning, penetration test and technology risk assessment
- In depth knowledge in the security controls of client server technology, web applications (using HTML, Java and .NET) and database (such as Oracle, DB/2, MS-and SQL etc.)
- Strong information security sense in relation to business requirements
- Mature, independent and able to deliver quality results under schedule