Project & Infrastructure Security Specialist

Job Description - Project & Infrastructure Security Specialist (240001VH) As a project & infrastructure security specialist, the candidate is responsible to conduct cybersecurity assessment on the Bank’s application or infrastructure according to the Bank’s established information security policy and standards. The candidate will also be involved in project engagements, working closely with project manager and users, offering guidance and clarification on the Bank’s information security policy and standards. Description Review and enforce information security policy, standards and guidelines for IT business application and infrastructure projects. Identify IT security risks including IT business application and infrastructure projects. Conduct security assessments for business application, infrastructure projects and third-party service providers. Undertake new security projects to improve the security controls, efficiency and ease of use. Perform process re-engineering and efficiency improvement for the team. Participate in review committees and agile squads as a subject matter expert in cybersecurity. Qualifications Degree in Computer Science, Cyber Security or equivalent. Certified Information Systems Security Professional, Certified Information Systems Auditor or Certified Risk and Information System Control, Certified Cloud Security Professional, will be desired. Minimally 2-6 years working exposure in Security, IT Audit, or IT Risk exposures. Independent and able to perform tasks with minimum supervision. Excellent communication and interpersonal skills with good command of English. Have a very strong commitment to personal development and drive to develop himself / herself technically and professionally. Knowledgeable in IT controls, application security and risk management methodology. Competent in conducting infrastructure, application, and third-party security risk assessment. Familiarity in Digital Banking and FinTech solutions will be an advantage. Has in-depth knowledge of information security risks, concepts of new technologies, such as blockchain, cloud, mobile payment, AI/ML, etc. Knowledgeable with cryptographic algorithm/functions and key management. Knowledgeable in compliance with MAS TRM, ABS, BNM, HKMA, CBIRC, etc guidelines and regulatory notices. Knowledgeable in application penetration testing methodologies, such as OWASP will be an advantage. Knowledgeable with application development experience and programming/coding will be an advantage. Location: Singapore Department: Information Technology Office: Technology Information Security Office (TISO) Employment Type: Permanent Job Type: Full-time Application Deadline: 31-Dec-2024#J-18808-Ljbffr