Description
We are seeking a highly skilled and proactive Security professional to join our team. The successful candidate will play a crucial role in Eastspring Regional team ensuring the security and compliance of project / application implementation, with a particular focus on application security assessment throughout SDLC, Cloud services, DevSecOps scanning and technologies for all business units.
Responsibilities
- Conduct security-by-design reviews on new programs, initiatives, projects, Cloud services and technologies regionally (in-house development, Commercial Off-The-Shelf, SaaS), ensuring sufficient documentation for compliance / audit.
- Collaborate with Group and Regional information security teams, as well as business stakeholders, to ensure project implementation aligns with security controls in accordance with policies, standards, guidelines, and regulations.
- Take part in the security architecture blueprint and design review process for the Cloud hosted solutions.
- Ensure critical vulnerabilities are tracked and remediated prior to application go-live.
- Analyse, review, and approve non-standard software/technology implementations regionally.
- Perform ad-hoc and periodic reviews of Proxy/Network/Firewall requests, designs, and configurations in Eastspring.
- Provides advisory and consultation to business units, business owners, and project teams for any Cloud Security related matters.
- Create a culture of security-by-design awareness by conducting related training for LBUs and other relevant stakeholders.
- Create, maintain, and update relevant security policies, standards, and operating procedures for Eastspring.
- Support the team leader with any assigned security operation tasks related to endpoint security, network security, data protection, DLP, VAPT, security alerts, and incidents.
Skills and Qualifications
- Recognized degree in Computer Science or related Engineering fields.
- At least 8 years of demonstrated experience in reviewing and identifying gaps in architecture blueprints and designing controls, especially in the Cloud domain.
- Candidates with proven experience in financial services industry is preferred.
- Must be able to recommend mitigations to threat models based on threat vectors and exploits.
- Good knowledge and experience with regulations, including PDPA, MAS guidelines, and technology/cybersecurity regulations in other Asian countries (e.g., Thailand, Malaysia, Taiwan).
- Understanding of asset and/or wealth management businesses, including trade lifecycle and operational processes, is a plus.
- Certifications such as CISA, CISSP, and CCSP are encouraged and demonstrate continuous learning and application of standard methodologies.
- Ability to understand business requirements and security risks during security assessments and consultations.
- Understanding of the company's business direction from products, solutions, market, and technology perspectives in the Cloud domain.
OTHER TRAITS
- Possess exceptional problem-solving and data analysis skills.
- Positive attitude and collaborative mindset.
- Highly motivated to stay updated with the latest developments in technology-related regulations and to acquire broad technical knowledge and skills.
- Strong communication, presentation, and interpersonal skills; ability to work collaboratively and effectively with employees at all levels in different geographies.
- A good team player in managing internal and external stakeholders to resolve issues and align with objectives.
- Exhibit proactiveness in identifying, highlighting, and remediating gaps and issues.
