Position
IT Security Officer (ITSO)
IT Security Officer role is responsible for managing and supervising Information Technology Security matters for the Bank in Singapore and ensuring that the execution of Information Security activities are in alignment with Banks’ Security Policy and Standards. Person is also in charge of coordination of operational security of Information Systems, conducting Cyber Security Risk Assessment and ensuring effective management of IT Security initiatives in Singapore.

Main Responsibilities (not limited to)

• Information Systems in Singapore are in alignment with Groups’ Security Policies and Standards;
• Develop, contribute and establish local Security Policies, guidelines, standards and processes (as applicable) in conformance to Group’s Information System Security Policies, Governance Texts and local regulatory requirements.
• Conducting Information Security (Cyber) risk assessments to identify Cyber risks, develop and maintain adequate and comprehensive mitigation and deliver subsequent corrective actions when KPI results are unsatisfactory.\
• Advising business teams, technology teams and leadership on implementing cyber security best practices for managing cyber and technology risks.
• Maintaining oversight on Key Cyber risk/IT Security indicators in scope;
• Maintaining oversight on the deployment of various Security Programs and projects running for the bank in the region.
• Coordinate studies on security requirements for implementing new IT Security solutions and provide consultation support on IT infrastructures and Applications teams
• Ensuring all Security related requests and derogations are reviewed and granted based on Security Risk Assessments;
• Ensuring the Vulnerabilities under the perimeter are managed and mitigated as per the defined Vulnerability Management Process;
• Assist and recommend the Local IT teams to define and implement remediation actions plans derived from audits or security reviews.
• Follow up on IT security related audit recommendation action plans falling under SG or other entities
• Maintain and Publish the Security Dashboard for Singapore for the Security KPIs;
• Supporting the IT Permanent Controls team and CLSi function on technical matters related to IT Security topics;
  Ensuring technical security projects for the region are
• properly taken into account and effectively delivered;
• Accompanying local IT teams in technical security topics where Security expertise and advices could be needed, to ensure proper implementation of standards and best practices;
• Acting as an entry point for all technical security related matters to assess the overall Information Systems Security;
• Raising operational security needs or constraints, or local constraints, proposing solutions and possible adaptations of standards in case they cannot cover a precise local requirement (for example due to a local regulation);
  
  

• Helping IT teams in deploying level 1 and level 2.1 controls required by ISS control plans.
• Should be able to take up additional responsibilities as needed for the operations or as assigned by the manager;
• Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer/Compliance Officer.
  Maintain appropriate knowledge to ensure to be fully qualified to undertake the role. Complete all mandatory training as required to attain and maintain competence.

Degree and above relevant discipline

Candidate Profile

• Must have a minimum 10 years of relevant experience in IT Security domain;
• Must be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science;
• Must have knowledge of different domains of Information Security;
• Must have prior hands-on experience in governance, managing and operating the Information System Security;
  Should have experience in working in first and second line of Cyber defense;
• Must have experience in conducting Cybersecurity Risk Assessments, security reviews of IT Projects;
• Must have experience in Security Exceptions management
  Ability to apply risk based approach while working on assigned responsibilities;
• Experience in defining, implementing, and enforcing enterprise-level Information Security Policies
• Excellent in analytical, communication and documentation skills;
• Must have strong understanding of ITIL processes and comfortable working in process oriented environment;
• Should have time management skills and able to manage work in fast moving environment;
• Should have excellent written and oral English language skills;

Professional Certifications :

• CISSP certification is must
• Any other IT Security or Cyber Risk related certifications are desirable

Work Schedule

• Work Hours: 8.45a.m. to 6. 30p.m (Monday to Friday) with one-hour lunch break.