Description
We are seeking a highly experienced Cybersecurity Architect to join our team in Southeast Asia. The ideal candidate will have 9+ years of experience in developing and implementing cybersecurity strategies, policies, and procedures. The Cybersecurity Architect will be responsible for designing and implementing secure network architectures, managing security risks, and ensuring compliance with regulatory requirements.
Must Have Skills
- Relevant industry certifications (e.g. CIA, CRISC, CISA, ITIL, CISSP, GRCP / CRCM)
- Cloud CSP training such as AWS Foundation and/or MS Azure Fundamentals
- Experience with Technology Implementation or Operation
- Hands on experience with Control Design and Implementation
- Understanding of the Audit Lifecycle
- Knowledge of relevant Technology and Business Regulations; ideal candidate has direct experience of interface with Regulators (principally PRA, MAS and HKMA).
- Knowledge of and/or hands-on experience of Technology Architecture
- Comfortable with ambiguity and able to make decisions
- Process Design and Analysis
- Documentation and Textual Analysis
- Data Analytics
- Experience negotiating with and influencing technical and/or senior stakeholders
- Knowledge of Cloud and DevOps
- Excellent understanding of Operational Risk Management for a technology stream
- Strong performer, with efficiency and delivery outcomes
- Makes a strategic difference
- Fluent English communication & writing skills
- Assertive & good problem-solving skills with common sense
Roles and responsibilities
- This role is key and responsible for continuing improvements in the Domain(s)s approach to risk identification and mitigation, control management and audit engagement within the framework set out by the relevant authorities.
- This operations role ensures a constant state of preparation, readiness and continuous improvement across process, risk management and reduction, audit success, documentation, MIS systems and reporting.
- Maintain & Implement Risk and Control Process for 1st line of defence as per bank's ERMF.
- Identify risk profile / R&R for all parties involved, Cloud Platform support Mgr, Platform engineer , Domain heads etc.
- Document & Maintain (review periodically for applicability, improvement and efficiency) the Risk Management process on Domain Risk Meetings, MOM Templates, Audit Engagements, Risk Approvals, Risk Extensions, Risk Assessments and Risk reviews done by UORM.
- Maintain central data repository for Risk & Control.
- This includes Risk Profile, Risk Analysis (Operational M7 & CRISP Security risks), Stakeholder engagement Matrix, CSAR Status, list of GIA Audits and status, Open and Overdue Audit status etc.
- Ensure Awareness of Rules of Engagement w.r.t Risk Management to all domain stakeholders either directly or through UORMs and Leadership to ensure consistency across domains.
- Advise and assist the Cloud & DevOps Portfolio Head(s) in driving and directing effective compliance with the prescribed Enterprise risk management framework
- Implement effective and efficient controls to minimise / mitigate operational impact
- Ensure proper management of risk and timely resolution of issues
- Promote understanding, practice and culture of Enterprise Operational Risk within the Domain(s).
