Associate Director - Cloud Security Risk Management

  • Sector: LMA Asia Technology
  • Contact: Cindy Nguyen
  • Contact Email: cindy.nguyen@lmarecruitment.asia
  • Client: LMA
  • Location: Singapore
  • Salary: Negotiable
  • Expiry Date: 18 May 2022
  • Job Ref: BBBH358146_1645083173

Roles & Responsibilities:
KEY ACCOUNTABILITIES

  • Conduct security design review and security risk analysis of new projects, technologies, and
  • applications. Provide security requirement and advisory during design and implementation phase
  • and validate the implementation of such requirement before go production.
  • Be the subject matter experts to provide security consultancy for various stakeholders
  • APAC across broad spectrum of information security domains, including Cloud platform security,
  • DevSecOPS, SaaS/PaaS security, data security, application security, and infrastructure security.
  • Act as a SME with strong technical security expertise, working with numerous teams
  • APAC on digital transformation projects, cloud onboarding projects and various group Cyber
  • Hygiene and security control enhancement initiatives.
  • Work together with Group Information Security team to ensure alignment of local country security controls with regional and group security policy/standard/guideline.
  • Work closely with stakeholders from different local country business units including business team, IT, 2nd line enterprise/operation risk, and group/external 3rd line auditor to ensure effective security controls are in place, meeting both internal policy requirement and regulatory requirement on TRM and Cyber Security.


EXPERIENCE / QUALIFICATIONS

  • At least 10 years of work experience in information security, preferably within financial institution, or from a consulting firm.
  • Knowledge and experience within the following domains: Cloud security, DevSecOPS, application security within SDLC, data leakage prevention, access control/IAM/OAUTH, API security, vulnerability management, perimeter defence mechanisms such as WAF and DDOS, understanding of emerging threats as well as familiarity with reading and interpretating application penetration test results. A plus to have knowledge in agile development.
  • Demonstrated experience of working with teams spanning across multiple geographic regions
  • Strong security risk management mindset and security analytical skills.
  • Knowledge and understanding of regulatory requirement on TRM and Cyber Security.
  • Strong stakeholder engagement skills and able to work independently with accountability over deliverables.
  • Act as an individual contributor, as well as a good team player.
  • Can effectively navigate through a complex environment undergoing change and possess the willingness to get things done.
  • Ability to deliver work within tight timescales, to budget and to a high quality.
  • Holder of CISSP and either one or more of below IT security certificates CISA, CISM, CCSP


Company Reg. No.: 201131609D | Licence No.: 11C4684 | EA Reg No.: R 1440978