VP, Information Security Risk Assessment, Information Security
Information Security Risk Assessment (ISRA) is the key technology control process in the bank to ensure the IT systems used in the bank are designed with appropriate security protections and continue to be protected along with its lifecycle. This role will lead the ISRA section with following responsibilities:
- Team member of information security risk assessment section with focus on project security risk assessment and application security area.
- Develop, drive and constantly improve security review processes to identify the risk throughout the lifecycle covering different layers of technology architecture.
- Lead the risk assessment, tracking and periodical review of the deviations identified during the ISRA.
- Review individual projects as well as to assess overall security posture holistically. Work closely with business to ensure security is a priority.
- Provide regular update to stakeholders about the risk identified during the ISRA process.
- As security SME, provide advisory to rest of IT teams to strengthen security controls.
- Maintain awareness of security trends covering both new threats and technologies in order to understand the risk and better safe guard the organization.
- Evaluate security solutions/processes when necessay
- Degree in Computer Science, Computer Engineering, Software Engineering or related discipline
- At least 12 years of IT experience, in which over 6 years are in the capacity of information security risk assessment or security architecture, preferably in a large BFSI environment.
- Deep understanding of most of security technology domains.
- Solid application security know-how, preferably banking applications.
- Familiar with the regulator requirement related to the information security areas.
- Good understanding of the key aspects of IT which includes strategic planning, application implementation & support, IT Infrastructure, Vendor & Contract Management, IT audit, IT governance, Risk management and business continuity planning.
- Proficient in risk management concept and practices.
- Keep up-to-date knowledge of security trends.
- Ability to lead change, and to adapt quickly to changing priorities.
- Ability to identify and improve on work & process inefficiencies.
- Relevant certification such as CISSP, CSSLP, CISA, SANS, Microsoft, ITIL Foundation, would be advantages.
- Strong analytical and critical thinking skills and meticulous attitude.
- Able to work independently or in a team with minimal supervision.
- Excellent communication, writing and presentation skill.
United Overseas Bank Ltd (UOB)