Risk Manager (Associate Director)
- Singapore
- Permanent, Full time
- Bank of Singapore
- 21 Aug 2018
At Bank of Singapore, we are constantly on the lookout for exceptional individuals to join our team. We promote a culture of openness, teamwork and fairness. Most importantly, we invest in our people through our programmes that develop them on both professional and personal levels. Besides attractive remuneration packages, we offer non-financial benefits and opportunities to develop your potential within OCBC Group’s global network of subsidiaries and offices. If you have passion, drive and the will to succeed, rise to the challenge today!
The primary responsibility is to support the Technology Information Security Management Team Lead in providing efficient and effective risk management and governance for Technology-related areas for the Technology Information Security Office (TISO).
1. Work with and provide guidance to project managers and IT teams in performing risk management of projects and existing systems according to established TISM processes. These involve:
   - Risk Assessment
     - Security review of systems, highlighting security risks and making recommendations to mitigate the risks.
     - Activities include outsourcing security review, external connection review, network security assessment, and business criticality assessment.
   - Firewall Rules Review
     - Review of firewall rules for excessive access and risky services.
   - Security Configuration Review
     - Security configuration review of technology platforms to ensure that they are adequately secured.
   - Security Testing (Vulnerability Assessment and Penetration Testing)
     - Work with project managers and IT teams to ensure that security testing is performed on IT systems.
     - Facilitate and ensure penetration testing on internet-facing systems is performed annually.
     - Perform periodic vulnerability assessment of all production networks.
2. Perform scheduled CSIRT duties, and support CSIRT Commander in the event of a security incident.
3. Review and update the current CSIRT procedure to comply with regulatory and internal requirements, and the current threat landscape.
Security Processes/Initiatives and Management Reporting
4. Engage stakeholders to review, update, and formalise security standards, processes and procedures.
5. Maintain oversight and adherence to established security processes, procedures and checklists. This includes alignment to the Head Office information security policies, guidelines and standards.
6. Advise stakeholders on security gap remediation, track identified security gaps to closure and escalate potential delays to management in a timely manner.
7. Support department initiatives and ad-hoc work as assigned, such as audits, regulatory inspections and requests from the Head Office.
- The position (Associate Director) requires a minimum of 8 years of working experience in IT security management, risk management, audit or equivalent in the banking environment.
- Familiar with risk management methodology and experienced in the management and/or assessment of security technologies and processes, and in recommending the appropriate control requirements.
- Ability to identify security risks and assess adequacy of controls as well as being able to make suitable recommendations for control enhancements are key requirements for this role.
- Customer service focused. Ability to empathize with clients' needs and instil confidence that their issues will be resolved efficiently without compromising on control requirements. Applicant for Associate Director must be able to build strong working relationships with the IT stakeholders and other business units within the Bank.
- Self-driven and seeks continuous improvement of existing processes / procedures / checklists. Associate Director must be an independent self-starter, able to multi-task and think out of the box.
- Experienced in using automated tools to perform firewall rules review, security configuration review and vulnerability discovery.
- Applicant for Associate Director should possess cyber-security experience.
- Possess strong analytical and report writing skills.
Minimum Bachelor's degree required, or equivalent technical expertise.
Possess a professional certification such as CISM, CISSP, CISA or CRISC.