Risk & Control Specialist (IT Security), Institutional Banking Group Technology, Technology & Operations
Business Function
Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels. Responsibilities - Manage the department's security related process improvements and quality programs by participating in research / advisory services, including capturing of organizational metrics and analysis;
- Perform data analysis or polices/standards/procedures review to ensure compliance to bank security standards
- Provide technical expertise/consultation for process improvement and quality assurance to project managers and other IT teams;
- Work with stakeholders, IT infrastructure, vendors and auditors for projects and audit matters;
- Front all internal and external audits issues for the department and ensure audit action items are closed appropriately and promptly
- Provide timely and periodic update to IBGT managements on IBGT security matters
- Conduct risk assessment for areas highlighted and advise the management on the mitigation control processes to be implemented. E.g. Open Source Technology Stacks and Software
- Track process improvements or issues to ensure timely closure;
- Partner with application managers to ensure risk areas from risk events are properly and effectively mitigated
- Identify and implement preventive measures for process improvement, evaluate potential operational risks
- Identify security operations gaps, vulnerabilities, associated risks, and mitigation strategies in our internal and outsourced vendor environment
- Provide technical expertise/consultation on matters related to management of functional privileged IDs and id administration to vendors and application teams;
- Run the day-to-day operations and tasks of ID control team. E.g. Ensure all privileged ids are lodged into cyber-ark (software password vault), handover to id management , review of privileged ids privileges and usages
- Ensure all the critical applications are onboarded to the bank security monitoring tools
Requirements - Degree in Computer Science, Engineering, Information Technology or related discipline from a recognized University with minimum 5 years of working experience in the Financial / Banking IT industry
- Experience in IT audit or CISA/CISM certified preferred or operational risk management and control self-assessment
- Familiar with Applications Delivery Life Cycle, Project Management best practices and IT Controls Familiar with IT controls over different operating system and database platforms will be preferred
- Good knowledge of application user access and access matrices will be preferred
- Good understanding of security issues, operational risks and process improvement in the areas of technology and business
- Meticulous with eye for details and ability to perform deep-dive investigation and crunching for control and process issues
- Proactive team player with ability to work independently with minimal supervision and equips with excellent communication (both spoken and written), presentation and business writing skills
- Able to manage stress and multi-task in a fast-paced environment and able to work on irregular working hours
- Able to collaborate within a team, at various levels of stakeholders from the operating level to the senior management across locations
- Able to effectively manage time and prioritize tasks and responsibilities
- Flexibility and ability to multi-task and take on different types of roles and activities at the same time
- Positive attitude and willing to take new challenges with an open-mind
- Creative, quick & systemic thinking with strong analytical and planning skill
Apply Now We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.
