Roles & Responsibilities:
KEY ACCOUNTABILITIES
- Conduct security design review and security risk analysis of new projects, technologies, and applications. Provide security requirements and advice during the design and implementation phases, and validate the implementation of those requirements before going into production.
- Be the subject matter expert providing security consultancy for various stakeholders across APAC across a broad spectrum of information security domains, including cloud platform security, DevSecOps, SaaS/PaaS security, data security, application security, and infrastructure security.
- Act as an SME with strong technical security expertise, working with numerous teams across APAC on digital transformation projects, cloud onboarding projects, and various group Cyber Hygiene and security control enhancement initiatives.
- Work together with the Group Information Security team to ensure alignment of local country security controls with regional and group security policies, standards, and guidelines.
- Work closely with stakeholders from different local country business units, including the business team, IT, 2nd line enterprise/operation risk, and group/external 3rd line auditors, to ensure effective security controls are in place, meeting both internal policy requirements and regulatory requirements on TRM and Cyber Security.
EXPERIENCE / QUALIFICATIONS
- At least 10 years of work experience in information security, preferably within a financial institution or a consulting firm.
- Knowledge and experience within the following domains: cloud security, DevSecOps, application security within the SDLC, data leakage prevention, access control/IAM/OAuth, API security, vulnerability management, and perimeter defence mechanisms such as WAF and DDoS protection; understanding of emerging threats; and familiarity with reading and interpreting application penetration test results. Knowledge of agile development is a plus.
- Demonstrated experience of working with teams spanning multiple geographic regions.
- Strong security risk management mindset and security analytical skills.
- Knowledge and understanding of regulatory requirements on TRM and Cyber Security.
- Strong stakeholder engagement skills and the ability to work independently with accountability over deliverables.
- Act as an individual contributor, as well as a good team player.
- Can effectively navigate a complex environment undergoing change and possesses the willingness to get things done.
- Ability to deliver work within tight timescales, to budget, and to a high quality.
- Holder of CISSP and one or more of the following IT security certificates: CISA, CISM, CCSP.
Company Reg. No.: 201131609D | Licence No.: 11C4684 | EA Reg No.: R 1440978
