Research and review the latest Information Security threats. Plan, develop, test and implement security measures to protect the Branch's information.
Work closely with Head Office Information Security Division on various tasks as required and ensuring practices from Head Office's policies are aptly applied in Singapore Branch.
Advice stakeholders periodically on the latest threat intelligence and trends. Provide regular reporting and updates of any abnormalities, lapse, and incompliance with Group and Regulatory requirements.
Work closely with Singapore Branch's Infrastructure and Support team on the following:
Resolve day-to-day IS-related issues;
Participate in the testing of disaster recovery plans;
Review and conduct Threats/Vulnerabilities assessment;
Review and validate annual Technology Risk Assessments, Participant Security Program Assessment and other IS-related assessments performed by IT Infrastructure & Support team.
Ensure adherence to Information Security and Data Protection best practices and regulations as issued from time-to-time from competent authorities.
Perform periodic and ongoing reviews to assess the adequacy of IS-related tools / measures (e.g. end-point Data Leak Protection, Anti-virus) and provide recommendations for enhancement to senior management.
End-to-End investigation into Security Breaches/Major Incidents, and to file incident reports within the timeframe in accordance with the Group / MAS incident reporting guidelines.
Coordinate and facilitate IS-related internal/external audits and ensure any IS-related audit findings are remediated timely by the relevant stakeholders.
Escalation and operational risk incident to Singapore Branch Operational Risk Coordinator promptly and to provide remediation within the assigned timeline.
Prepare and conduct regular Information Security awareness training.
Carry out any other tasks in related to Information Security as assigned by Management.
Minimum 5-7 years' of experience in the areas of Information Security.
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or similar credentials is advantageous.
Strong technical knowledge and familiar with the following technologies:
Privileged Access Management
Data Loss Prevention Technologies
Security Incident and Event Management (SIEM)
Networking concepts and protocols
Web Content filtering tools
Knowledge of local regulations (i.e. MAS TRMG), industry standards (i.e. ISO 27001) and ethics as they relate to cyber security.
Problem solving and organizational skills.
Good written & verbal in both communication & presentation skills.