Information Security Senior Specialist - Risk Assessment Team

Information Security Risk Analyst - TDI CSO

The Technology Data Innovation (TDI) Chief Security Office (CSO) comprises both Corporate Security and Information Security. We run security operations globally to protect the banks people, infrastructure, processes, and information.

CSO Governance and Control conducts proactive Information Security (IS) controls assess ability and applicability reviews for the emerging technologies to design adaptable IS assessment framework to appropriately assess the security requirement for relevant applications and infrastructures. The role holder would mainly be working on assessments and remediation across the globe to ensure that the Information Securityrequirements for various assets within the Bank are safeguarded and mitigated from any potential risks which can include Reputational, Financial & Regulatory.

What we'll offer you:

As part of our flexible scheme, here are just some of the benefits that youll enjoy.

• Best in class leave policy.
• Gender neutral parental leaves
• 100% reimbursement under childcare assistance benefit (gender neutral)
• Sponsorship for Industry relevant certifications and education
• Employee Assistance Program for you and your family members
• Comprehensive Hospitalization Insurance for you and your dependents
• Accident and Term life Insurance
• Complementary Health screening for 35 yrs. and above

Your key responsibilities:

• Display strong knowledge of Information Security for reviewing Risk Assessments as per IS policy and ISO 27001.
• Review IS controls and assess ability and applicability for the applications / infrastructure.
• Display strong knowledge and understanding of Information security controls (ISO) and mitigation/remediation solutions.
• Build strong relationships with various stakeholders, including but not limited to: IT application owner (ITAO) & Delegates, Information Security Officer (ISO) / Technical Information Security Officer (TISO) / Risk Managers to complete Risk, Control Assessments and Remediation management.
• Work with governance, risk, and compliance (GRC) tools such as ServiceNow, should be familiar with national and international regulatory frameworks like NIST, ISO, SOX, EU DPD, PCI DSS, and GDPR and additional knowledge on Regulatory requirements/controls like MAS, CAM and PSDII to support stakeholder requirement.
• Manage the scope of deliverables & expectations and ensure clear and concise communication to onshore team members and other stakeholders.
• Conduct application risk assessments and support business stakeholders to determine the CIA ratings.
• Provide process improvement inputs to various stakeholders involved in the process.
• Proactively seek ways to improve on existing practices and processes. Display insight and ability in identifying issues and develop successful solutions.
• Collaborate and work with multiple & distributed teams across different locations.
• Communicates openly with management and the internal stakeholders; keeps them informed of potential risk and escalate problems/delays accordingly to avoid / minimize the impact.
• Develop key operational procedures and policies where necessary and ensure adherence to all such defined policies.
• Focus on utilizing the capacity in an efficient and effective manner.
• Provide and prepare data / reports for stakeholders and management meetings.
• Represent the process and provide inputs for the monthly and quarterly dashboards with performance and with any challenges faced or suggestions to improve the quality.

Your skills and experience:

• Significant work experience in the Information Technology / Information Security area
• Proven capabilities / competencies in mitigating the Information Security / Application Governance / IT Control etc.
• Professional / industry recognized certifications (e.g., CISA, CISM, CRISC etc.) are highly beneficial to cover a broad range of Information Security areas where relationship with the business or IT is required.
• Ability to monitor, track and clearly communicate progress, escalate issues when appropriate.
• Proficiency in Data Analytics Skills in Python, added advantage to languages such as SQL for data manipulation and analysis
• Experience in global and diverse teams across different time zones and within a matrix environment.
• Professional and strong verbal and written communication skills and the ability to communicate on all hierarchy levels.
• Strong understanding of service delivery and relationship management
• Experience in Agile way of working and its methodology would be beneficial.
• Highly motivated with analytical and problem-solving skills.
• Self-driven, eager to learn and well-organized team player.

How we'll support you:

• Training and development to help you excel in your career.
• Coaching and support from experts in your team.
• A culture of continuous learning to aid progression.
• A range of flexible benefits that you can tailor to suit your needs.