Description du poste

Position

We are looking for a Cybersecurity Engineering Specialist with expertise in Security Engineering and Risk Management. Joining the IT Security Officer team within the Chief Information Security Officer (CISO) department, you will focus on reviewing and assessing the security of our corporate desktops, servers, infrastructure applications and networks. Your responsibilities will include policy enforcement, risk management and cyber risk assessments, ensuring alignment with internal information security policies, standards, and external regulatory requirements. This role requires a strong understanding of security best practices, knowledge in Cloud technologies, and hands-on experience with enterprise security tools and frameworks. You will collaborate with the Credit Agricole CIB security community across ASIA and with other global entities.


Main Responsibilities

1.    Security Engineering
Ensure security requirements are incorporated early into the systems development lifecycle of the enterprise IT infrastructure, systems, and applications.
Ensure governance through regular review, reporting and monitoring to ensure compliance with Policies and Standards, and alignment with regulatory requirements.
Evaluate and recommend security tools, technologies, and frameworks to strengthen the security posture of the bank.
Collaborate with stakeholders including IT infrastructure, DevOps, and application teams to ensure security measures and best practices are integrated throughout the development lifecycle of financial applications and services.
Prepare RFQ and evaluation criteria, Proof of concept (POC) during product evaluation. Consulting with vendors to implement security solutions.
Stay updated on emerging security threats and proactively provide solutions to safeguard IT systems from evolving risks.
2.    Governance and Risk Management
Conduct Cybersecurity Risk Assessments on IT systems and/or applications. (on-premises and cloud infrastructure).
Ensure security measures described in the risk analysis of IT projects are properly implemented.
Ensure that the audit on the Information systems has security measures in place that comply with the security policies and standards.
Identify gaps, deficiencies, or deviations on the implementation of the controls and analyse areas for improvement.
Collaborate with cross functional teams to provide evidence and insights during internal and external audits.

3.    Identity and Access Management (IAM)
Ensure Identity Access Management (IAM) policies around access management such as Role-based access control (RBAC), password management, Privileged access management (PAM) comply with security policies and standards.

Complément

4.    Data Protection
Ensure the implementation of data protection strategies are aligned with regulatory and operational requirements of the banking sector. This includes data classification, encryption, and key management (HSM, KMS).
Ensure the implementation of data loss prevention (DLP) solutions is adequate to mitigate the risk of unauthorized access, leakage, or alteration of critical data.
Ensure data access controls that are implemented follow security policies and standards, and regulatory requirements.


5.    Collaboration and Support
Work closely with cross-functional teams such as IT infrastructure, DevOps and Risk management including technology and business stakeholders, to ensure that security requirements are incorporated into system designs and day-to-day operations.
Ensure security training and awareness is provided within the bank to foster a culture of vigilance and proactive security.
Pro-active self-starter demonstrates initiative and works independently with minimum supervision.
Able to work independently and in a collaborative environment.