Posted on 8 September
Description
Job Overview
We are seeking a seasoned Cyber Security Professional to join our team. The ideal candidate will have a deep understanding of application security, IT security compliance, and cyber security principles.
1. Application Security:
* Implement secure software development life cycles, including DevSecOps and threat modeling practices;
* Identify and implement the latest security standards for internet-facing and internal assets;
* Improve the efficiency and effectiveness of vulnerability management at the application level (including static application security testing – SAST, dynamic application security testing – DAST, and software composition analysis – SCA);
* Perform security risk assessments and reviews to be presented to respective committees;
* Ensure adequate security levels for all wealth management GAIM applications.
2. IT Security Compliance:
* Align with group and wealth management GAIM security policies, for both project and production assets;
* Protect wealth management business data with adequate security levels for wealth management assets;
* Ensure compliance with regulatory bodies' requirements, including APAC (HKMA, MAS, FSC), EU (DORA), Switzerland (FINMA);
* Leverage deep knowledge of security standards such as NIST, CIS, and ISO 27000x to ensure compliance with IT security requirements;
* Ensure compliance with third-party technology risk and cloud security requirements;
* Identify process gaps and provide solutions.
3. Cyber Security:
* Coordinate with other IT security actors in the regions or globally;
* Assist in risk treatment for any wealth management issue, based on processes;
* Identify IT security risks in advance, record, and follow up on them;
* Define and contribute to processes from a cybersecurity perspective;
* Periodically report security status to wealth management IT domain heads and security champions;
* Ensure regular reporting for management follow-up;
* Handle cyber alerts and incidents by investigating and following up with handlers until issues are closed;
* Onboard assets and applications into the SIEM, handle BAU activities, and create/update relevant documents.
4. Production Security:
* Ensure effectiveness and success of vulnerability management processes;
* Ensure compliance levels of production environments and integrate into reporting.