About the job
You will be responsible for developing and monitoring the organisation’s safety programmes and procedures. You will conduct safety inspections and recommend the appropriate corrective actions, and will also conduct risk analysis and ensure compliance with the statutory and legal requirements.
You will plan and oversee the monitoring and maintenance of security operations and provide direction and leadership to internal resources. You will provide expertise on security technologies and innovative security concepts and work toward enhancing the resilience of security operations. You will guide the assessment of information and cyber risks and provide recommendations on control requirements. You will also manage and coordinate responses to regulatory inquiries, inspections, audits and ensure cyber security standards and policies are established and implemented.
You will coordinate ongoing reviews of existing security programs, protocols and planned upgrades, and will establish escalation processes for security incidents and develop contingency plans and disaster recovery procedures. You will identify recurring security issues and risks to develop mitigation plans and recommend process improvements. You will interpret and apply security policies and procedures, and will respond to user incident reports and evaluate the type and severity of security events. You will also document incidents and develop reports.
You will deploy Workplace Safety and Health (WSH) programmes, and implement programmes to steer WSH culture, habits and norms of the organisation. You will clarify WSH programme requirements with employees of other departments and manage Business Continuity for both Singapore and Hong Kong branches. You will determine the consequences of business disruptions and/or crisis scenarios and propose relevant incident responses and business continuity plans.
You will revise the business continuity framework based on new and changing regulations and implement Emergency Preparedness and Response Plans (EPRPs) and communicate plans to stakeholders. You will coordinate EPRP drills and maintenance of emergency response equipment, as well as conduct WSH incident and accident investigations. You will review investigation findings to identify causes of incidents and accidents and propose the corrective and preventive measures to address root cause of incidents. You will prepare incident and accident reports, and monitor the implementation of corrective and preventive actions. You will ensure the technical upskilling for employees and the robustness of technology platforms to facilitate business continuity after crises and incidents.
You will implement cyber security risk strategy and will manage the strategic development and improvement of risk frameworks, methodologies and requirements. You will recommend strategies to address key risk areas in cyber security and assess and anticipate business needs against cyber security concerns and legal and/or regulatory requirements. You will advise senior leaders on critical issues that may affect corporate security objectives, and will provide expertise on security technologies and innovative security concepts. You will provide technical and operational oversight for security tool deployment and implementation, and will establish cyber security standards and policies.
You will liaise with the Group’s Security Officer to implement IT policies and formulate governance procedures for documenting and updating security policy, standards, guidelines and procedures. You will plan the implementation of information systems and cyber security policies and develop the bank’s Cyber Risk Maturity model. You will also develop the policies and frameworks for conducting cyber security risk assessments and compliance audits, and establish guidelines for reporting the outcome of cyber risk assessments.
You will coordinate Data Protection recommendations with HR, Legal and Compliance and ensure adherence to the Data Protection Act. You will monitor cyber security risks, systems and operations, and advise on the development of techniques and procedures for the conduct of cyber risk assessments. You will develop plans for cyber risk assessment activities across the organisation and coordinate the ongoing cyber risk assessment activities. You will provide strategic and technical recommendations following identification of vulnerabilities in operating systems, and incorporate emerging security and risk management trends, issues and alerts into the risk assessment framework.
You will develop cyber risk mitigation strategies and policies for the organisation, as well as identify and measure critical cyber security operations metrics. You will present periodic cyber security status reports to management, and plan and coordinate 24 x 7 security operations coverage. You will drive continuous improvement of security operations, mitigate cyber security risks, and develop programmes and initiatives to strengthen the capability of the organisation to mitigate risks.
You will develop cyber threat detection and incident alert rules and implement regulations, and present threat awareness reports to technical and non-technical staff. You will organise and conduct cyber security exercises and act as a subject matter expert in cyber security incident and breach investigations and post-breach remediation work. You will propose procedures to prevent future incidents and improve cyber security, as well as monitor the maintenance of the cyber security operations training plans for all security staff.
You will manage responses to regulatory inquiries, inspections or audits, as well as manage responses to cyber security incidents. You will formulate internal guidelines for processing and escalation of cyber security incidents and prepare reports on incidents and breaches of cyber security. You will present the final incident reports on cyber security incidents to senior management for approval and will recommend systems and procedures for the prevention, detection, containment and correction of cyber security breaches.
- Bachelor’s Degree
- At least 7 years of relevant work experience
- Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)
- Familiar with cyber security standards, protocols and frameworks, and able to ensure the bank’s compliance with the Cyber Security Act 2018 and Personal Data Protection Act 2012
- Knowledgeable in using various cyber security monitoring and testing tools and techniques
- Vigilant, analytical and systematic in identifying cyber risks and enjoy analysing and investigating such issues
- Strong team player who collaborates to solve problems and communicates well both verbally and in writing
- Required to be on standby with on-call availability including nights, weekends and holidays
Your interest will be treated in strict confidence.