SVP, Cybersecurity Audit, Group Audit

Business Function

Group Audit helps the Board and Executive Management meet the strategic and operational objectives of the DBS Group. We conduct independent checks to ensure that the Group's risk and control processes are adequate and effective. All our team members are highly sought-after professionals who work as trusted advisors to our clients, in all matters related to a company's internal controls.

DBS Group IT Audit is setting the standard to audit the future of banking technology. Our 4-function IT audit team consists of Application, Enterprise Process, IT Infrastructure and Cyber Security. This position is open in the Cyber Security team in Singapore.

Reporting into IT Functional Audit Head, you are responsible for end-to-end audits, track audit issue closure, validate control effectiveness post remediation, continuous monitoring of the IT landscape, writes and speaks well at all levels. You will also support the audit function in continuous auditing activities to improve effectiveness and efficiency of the IT audit function. As Singapore is the Head Office to DBS Group, some travelling can be expected (10% to 15%) in this role.

Key Accountabilities

Cybersecurity audit work includes review of cyber security controls across IT Infrastructure and Application. As a Cybersecurity expert, you will have responsibilities in assessing and monitoring the effectiveness and adequacy of the Bank's cyber defence control measures and operation processes.

Responsibilities

• Develop IT audit strategy and manage the audit plan and resources.
• Lead and/or undertake audit projects to provide reliable and independent assurance.
• Identify and assess potential risks in accordance with current regulatory and statutory requirements.
• Establish and build relationships with senior stakeholders to educate the business in the control framework and influence business processes.
• Define and develop Continuous Auditing requirements.
• Supervise and coach team members.

Requirements

• More than 10 years of relevant experience.
• Practical hands-on experience in performing independent security assessment to IT infrastructure and application.
• Demonstrate strong understanding of the cybersecurity controls, operations and well-versed in the areas of application security.
• Ability to interpret cybersecurity vulnerabilities and provide recommendations according to industry security best practices.
• Knowledge of cyber-related government regulations (MAS, CSA, HKMA, RBI, FSI, etc.) and compliance will be an advantage.
• Degree in Information Technology.
• Professional Certification - CISA & CISSP.

(1) Technical Knowledge

• Digital Banking delivery channel adoption:
  • Internet, web hosting, mobile, Wi-Fi.
  • Multi-channel distribution.
• Mobile application development.
• Cloud Security.
• Cyber Security:
  • Malwares, attacks & defences.
  • Biometrics.
  • Security operations & surveillance.
  • Vulnerability Assessment / Penetration Testing.
  • Source code review.
• Infrastructure security & processes:
  • Network devices (e.g. firewalls, switches and routers).
  • System & database platforms (e.g. Wintel, Unix, Mainframe, Oracle, MS SQL).
  • IT processes (e.g. Data Centre Operations, Change Management, Incident Management).
• Authentication & Authorisation Controls:
  • Multi-factor authentication.
  • Identity and Access Management (including Active Directory, PID, & Authentication protocols such as SAML, oAuth).

(2) Business Analyst Skills

• Banking product domain knowledge acquisition:
  • Treasury and Markets, Securities, Finance, Risk Management and Islamic Banking
  • Institutional Banking and Global Transactions Services
  • Consumer Banking and Wealth Management
• User requirements understanding.
• Application release functionalities validation.
• Security / control design assessment.
• Regulatory compliance.
• Data Analytics.
• Risk assessment particularly in regard to assessing the probability and impact of an internal control weakness.

(3) Development Approach

• Agile project management.
• Rapid release management.
• Programming standards.
• Mobile application development.

Apply Now

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.