Manager, Information Security

Job Purpose:

Assist Head of Information Security to ensure adequate and effective controls are in place.

Main Responsibilities:

•    Support security tools including network firewall, DLP, SIEM, vulnerability scanning,

•    micro-segmentation

•    Review the firewall rule change requests; conduct the modification or reject if the request

•    may expose the Group to unacceptable risk

•    Act as project manager role on information security projects

•    Provide technical guidance to systems and network team regarding security configurations

•    Analyse cybersecurity incidents and make recommendations on remedial actions.

•    Define and design adequate security controls to maintain secure control environment.

•    Conduct regular security assessment on systems, network and IT infrastructure

•    Provide security advisory service to stakeholders on new initiatives and development

•    projects.

•    Maintain Cyber Incident Response plan and playbook. Assist cyber incident response drill

•    in regular basis.

•    Monitor and govern external service providers, including both outsourcing service

•    providers and connected third parties, to deliver the services as per the Group’s security

•    requirements.

Incumbent Requirements:
•    Minimum 6 years of relevant work experience in technology risk, information security
•    and cybersecurity
•    University graduate in Computer Science / Information Technology or equivalent.
•    One or more certificates listed below:
      - ISC2 Certified Information Security Professional (CISSP)
      - ISACA Certified Information System Auditor (CISA)
      - ISACA Certified Information Security Manager (CISM)
      - ISC2 Certified Cloud Security Professional (CCSP)
•    Good knowledge in cybersecurity, Intrusion Detection/Prevention System and
•    application security of finance/banking systems, in particular hands on experience in
•    firewall management
•    Experience in regulators’ requirement on technology risk management including the
•    Cyber Resilience Assessment Framework (CRAF) and Customer Security Controls
•    Framework of SWIFT
•    Strong information security sense in relation to business requirements
•    Mature, independent and able to deliver quality results under tight schedule