AVP, Cyber Auditor, Group Audit (WD11402)

DBS BANK LTD.| Date Posted: 20-Jan-2020
Job Nature:
Permanent
Position Level:
Senior Manager, Top Management

Job Description

Roles & Responsibilities

Business Function

Group Audit helps the Board and Executive Management meet the strategic and operational objectives of the DBS Group. We conduct independent checks to ensure that the Group’s risk and control processes are adequate and effective. All our team members are highly sought-after professionals who work as trusted advisors to our clients, in all matters related to a company’s internal controls.


Key Accountabilities

Cybersecurity audit work includes review of cyber security controls across IT Infrastructure and Application. As Cyber security expert, you will have responsibilities in assessing and monitoring the effectiveness and adequacy of the Bank’s cyber defence control measures and operation processes.

You should have practical hands-on experience in performing independent security assessment to IT infrastructure and application. You need to demonstrate strong understanding of the cyber security controls, operations and be well-versed in the areas of application security.

You will interpret cyber security vulnerabilities and provide recommendations according to industry security best practices. Knowledge of cyber-related government regulations (MAS, CSA, HKMA, RBI, FSI, etc) and compliance will be an advantage.


Responsibilities

  • Lead and/or undertake audit projects to provide reliable and independent assurance
  • Identify and assess potential risks in accordance with current regulatory and statutory requirements
  • Establish and build relationships with senior stakeholders to educate the business in the control framework and influence business processes
  • Define and develop Continuous Auditing requirements

Requirements

  • Minimum 7 years of experience
  • Degree in Information Technology
  • Professional Certification – CISA & CISSP

Technical Knowledge

  • Digital Banking delivery channel adoption:
    • Internet, web hosting, mobile, Wi-Fi
    • Multi-channel distribution
  • Mobile application development
  • Cloud Security
  • Cyber Security
    • Malwares, attacks & defences
    • Biometrics
    • Security operations & surveillance
    • Vulnerability Assessment / Penetration Testing
    • Source code review
  • Infrastructure security & processes
    • Network devices (e.g. firewalls, switches and routers)
    • System & database platforms (e.g. Wintel, Unix, Mainframe, Oracle, MS SQL)
    • IT processes (e.g. Data Centre Operations, Change Management, Incident Management)
  • Authentication & Authorisation Controls
    • Multi-factor authentication
    • Biometric technology

Business Analyst Skills

  • Banking product domain knowledge acquisition;
  • Treasury and Markets, Securities, Finance, Risk Management and Islamic Banking
  • Institutional Banking and Global Transactions Services
  • Consumer Banking and Wealth Management
  • User requirements understanding
  • Application release functionalities validation
  • Security / control design assessment
  • Regulatory compliance
  • Data Analytics
  • Risk assessment particularly in regard to assessing the probability and impact of an internal control weakness

Development Approach

  • Agile project management
  • Rapid release management
  • Programming standards
  • Mobile application development