Specialist, Information Security

Job Description

* Job Purpose :-Assist CISO in following functions
• Keep update with emerging cyber threats to which Bank is exposed & strengthen Bank Cyber Security posture
• Assessing effectiveness of Bank s Cyber Security Risk Mgt & Data protection as effective 2 nd line of defense
Key Accountabilities:- The role will:
• Collaborate with IT & Business & Support units for effective implementation of Information & Cyber Security controls in accordance with DBS group s security guidelines, industry standards & regulatory requirements.
• Perform Cyber Security risk assessment & monitor Key risk indicators related to Cyber Security/Data protection
• Review Bank s Information Security & Cyber Security Policy as per changing security landscape & review its operational effectiveness in co-ordination with Security Operations Team & Business Risk Management Team
• Ensure compliance with regulatory guidelines w.r.t. Cyber Security & Audit s remediation plan for Technology
• Assess Design & Operational effectiveness of Information-Cyber Security Controls as effective 2 nd line defense.
• Update Senior Management of Cyber security issues, emerging risks, projects, incidence & risk mitigation plans.
Job Duties & responsibilities:-
• Perform cyber security risk assessments keeping update with latest technology developments & underlying risk
• Periodic review of Information Security and Cyber Security Policy of the Bank to keep it relevant & robust
• Review of effectiveness of data loss protection program of bank & oversight on timely closure of DLP alert
• Ensure timely compliance with all regulatory guidelines/advisory/circulars related to Information/Cyber security
• Review correctness & completeness of data compiled for various regulatory submissions w.r.t. Info-Security
• Keep Business & Technology stakeholders aware of key regulatory compliance requirements & emerging risks
• Review Information/Cyber Security KRIs (key risk indicators/matrices) periodic basis to assess security posture
• Assist in Internal & External Audit process & ensure timely remediation of IS Audit issues & corrective actions
• Review Cyber security advisories/alerts as part of Bank s Vulnerabilities Management program for remediation
• Analyzing trends & changes in cyber threat landscape in evolving technology areas (eg. Public Cloud, APIs etc)
• Review (testing effectiveness of) half yearly technology & info-security risks controls self-assessment (RCSA)
• Evaluate the residual risks/deviation approvals sought by technology or business team vis a vis security control
• Conduct Information Security Committee meetings on quarterly basis & track the actionable therefrom via MoM
• Review cyber security controls for outsourced service providers (OSP) & new product/process approvals (NPA)
• Drive information security awareness amongst all staff/vendors via user awareness program on Cyber security
• Maintain close working relationship with Technology teams as trusted security advisor in technology initiatives & processes such as change management, incident management, patch management, security configuration & vulnerability management. Keep tteams abreast of various technology risks & advise remediation controls
• Guide Security Operations team for smooth implementation of Bank s Info-Sec policies & regulatory guidelines
• Attend operational risk forums (technology risk forums) to keep update with areas of concerns & advise as SME
• Collaborate with other units (eg. fraud risk controls & BCM) on issues related to cyber fraud, business continuity
• Co-ordinate with 3rd party auditors if any appointed, for independent IT/IS audits or compliance assignments.
Experience:-
• 5-8 years relevant work experience in Information Technology or Information Security domain will be preferred
• Sound knowledge of key technology security tools & processes like DLP, VA, SIEM, IDS, IPS, Firewall, AV etc.
• Knowledge/awareness of Information & Cyber Security risks & underlying controls in technology environment
• Demonstrated ability to engage and communicate with Senior Mgt & stakeholders. Articulate presentation skills.
• Ability to work in multi-dimensional teams & collaborate in multi-tasking environment as subject matter expert.
Education / Preferred Qualifications :-
• Bachelor s degree in Technology or Computer Science or Qualification in Information System Security Domains
• Technical certifications eg. CEH, CISSP, SANS, Comp TIA+, OSCP, LPT, CCSP, CCNP etc. will be advantage
• Excellent communications skills and presentation skills Ability to manage the team & outsourced support staff, collaborate with the technology operations & biz units.
,

Keyskills :
information security awarenessenvironmental impact assessmentsecurity riskcyber security