Application Security Consultant

at  ASTEK SINGAPORE INNOVATION TECHNOLOGY PTE LTD

Astek is offering a role of Application Security Consultant for one of our project based in Singapore.

Security Architecture:

• Plan, research, and design security architectures for IT systems
• Review and approve security requirements for applications and IT setup
• Ensure compliance with security architecture standards, including third-party and cloud security risks
• Protect Wealth Management business data and assets with adequate security levels
• Identify and manage IT security risks proactively
• Provide regular security reports to management

Security Projects

• Participate in and track various initiatives aimed at enhancing Wealth Management’s security stance
• Monitor and report progress on these initiatives to management
• Identify, document, and report IT risks identified during these initiatives

Security compliance

• Align with Group and Wealth Management GAIM security policies for project and production assets
• Ensure compliance with regulatory requirements from APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA), and others
• Utilize deep knowledge of security standards like NIST, CIS, ISO2700x to ensure IT security requirements compliance
• Ensure compliance with third-party technology risks and cloud security regulations

Data Management and Data analytics/science technologies

• Stay updated on data security and protection regulations and measures
• Familiarize with data analytics and data sciences technologies, including standard practices and cloud solutions
• Implement Data Management, Data analytics, and data science solutions in line with Group security architecture requirements (e.g., Tableau, PowerBI, AI, R, Python, DevSecOps, API management)
• Proactively identify, document, and follow up on IT security risks
• Provide regular security reports to management

Coordination activities

• Align with objectives and contribute to global reporting (e.g., WM Cybersecurity Committee, WM Project Architecture, Security validation committees, Application Security Dashboard)
• Coordinate with Global security teams for integrating WM assets into production sites
• Stay updated on IT Security initiatives within the Group and engage with other IT Security stakeholders

Security Posture

• Take part in deploying new security practices and DevSecOps pipeline
• Ensure adherence to SSDLC practices

• Contribute to awareness and training activitiesReport on identified risks and security deviations

Requirements:

• Strictly 5-8 years’ experience in information security and IT risk management.
• Experience in evaluation and design of technical architectures and processes
• Functional as well as technical knowledge of the common architecture and Cybersecurity frameworks and solutions
• Proficient in network protocols, connectivity, Firewall, and Internet technologies
• Familiar with secure application design, DevSecOps tools, and CI/CD practices
• Skilled in secure access control, encryption, and key management techniques
• Technical expertise in various operating systems (Linux, Windows, AS400) and databases (Oracle, MSSQL, PostGreSQL, MongoDB)
• Knowledgeable about digital transformation, mobile technologies, Cloud (Containers Docker, Kubernetes), and emerging technologies like NFT and encryption
• Familiarity with OAuth, Single Sign-On, API-based approaches, TDD, BDD
• Understanding of standard IT security concepts, methodologies, cybersecurity threats, and remediation
• Proficient in IT Security Risk Assessment and Risk Management
• Knowledgeable about banking regulations, especially in the international and APAC regions, and specific to Wealth Management

Please refer the Job description for details