Job description

Position
IT Security Officer (ITSO)
IT Security Officer role is responsible for managing and supervising Information Technology Security matters for the Bank in Singapore and ensuring that the execution of Information Security activities are in alignment with Banks’ Security Policy and Standards. Person is also in charge of coordination of operational security of Information Systems, conducting Cyber Security Risk Assessment and ensuring effective management of IT Security initiatives in Singapore.

Main Responsibilities (not limited to)

• Information Systems in Singapore are in alignment with Groups’ Security Policies and Standards;
• Develop, contribute and establish local Security Policies, guidelines, standards and processes (as applicable) in conformance to Group’s Information System Security Policies, Governance Texts and local regulatory requirements.
• Conducting Information Security (Cyber) risk assessments to identify Cyber risks, develop and maintain adequate and comprehensive mitigation and deliver subsequent corrective actions when KPI results are unsatisfactory.\
• Advising business teams, technology teams and leadership on implementing cyber security best practices for managing cyber and technology risks.
• Maintaining oversight on Key Cyber risk/IT Security indicators in scope;
• Maintaining oversight on the deployment of various Security Programs and projects running for the bank in the region.
• Coordinate studies on security requirements for implementing new IT Security solutions and provide consultation support on IT infrastructures and Applications teams
• Ensuring all Security related requests and derogations are reviewed and granted based on Security Risk Assessments;
• Ensuring the Vulnerabilities under the perimeter are managed and mitigated as per the defined Vulnerability Management Process;
• Assist and recommend the Local IT teams to define and implement remediation actions plans derived from audits or security reviews.
• Follow up on IT security related audit recommendation action plans falling under SG or other entities
• Maintain and Publish the Security Dashboard for Singapore for the Security KPIs;
• Supporting the IT Permanent Controls team and CLSi function on technical matters related to IT Security topics;
  Ensuring technical security projects for the region are
• properly taken into account and effectively delivered;
• Accompanying local IT teams in technical security topics where Security expertise and advices could be needed, to ensure proper implementation of standards and best practices;
• Acting as an entry point for all technical security related matters to assess the overall Information Systems Security;
• Raising operational security needs or constraints, or local constraints, proposing solutions and possible adaptations of standards in case they cannot cover a precise local requirement (for example due to a local regulation);
  
  

Complément

Helping IT teams in deploying level 1 and level 2.1 controls required by ISS control plans.
Should be able to take up additional responsibilities as needed for the operations or as assigned by the manager;
Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer/Compliance Officer.
Maintain appropriate knowledge to ensure to be fully qualified to undertake the role. Complete all mandatory training as required to attain and maintain competence.