Third-Party Cybersecurity Specialist

at  OCBC Bank

• As a subject matter expert, perform assessment of third-party service providers’ cybersecurity posture and identify potential security risks from third-party engagements, in accordance with the Bank’s security standards.
• As a subject matter expert, assess the security and identify potential security risks arising from new product offerings, in accordance with the Bank’s NPAP requirements.
• Collaborate closely with businesses and the Bank’s Third-Party Risk Management (TPRM) team to ensure security risks are identified and communicated so that business can make an informed decision.
• Review and enforce information security policy, standards and guidelines for IT business application and infrastructure projects
• Identify IT security risks and conduct security assessment for IT business application and infrastructure projects.
• Undertake new security projects to improve the security controls, efficiency and ease of use.
• Review and document assessment and remediation activities following established processes and procedures.
• Continuously formulate, maintain, and enhance assessment approach, questionnaire and procedure.
• Continuously focus, strategies and provide recommendations to improve the effectiveness of processes and programs.
• Perform reporting and tracking of work deliverables.
• Keep abreast of emerging third-party security threats and technologies to understand the evolving risk and better safeguard the organization.
  Qualifications

JOB QUALIFICATIONS

• Degree in IT, Computing, Cyber Security or Computer studies, or the equivalent in related experience (IT Security, Controls and Risk Management).
• Minimum 5-10 years relevant working experience in Cybersecurity/ IT Security Audit. IT Security/ Project Security Assessment experience preferred.
• Experience in industry standards and regulations such as MAS TRM, OSPAR, ISO 27001, SOC2 Type 2, PCI-DSS, NIST, etc.
• Knowledgeable in compliance with MAS TRM, ABS, BNM, HKMA, CBRC, etc, guidelines and regulatory notices.
• Strong understanding of the Banking industry information security policy and standards, regulatory and industry trends, good practices in providing practical and appropriate recommendation, resolution and remediation options to the businesses.
• Ability to multi-task and work independently with minimum supervision as well as part of an assessment team.
• Ability to leverage attention to detail and analytical skills
• Excellent written and verbal communication and interpersonal skills with good command on English
• Certified in CISSP, CCSP, CISA or CRISC would be preferred
• Knowledgeable in IT controls, application security and risk management methodology
• Knowledgeable with cryptographic algorithm/functions and key management.
• Knowledgeable in application penetration testing methodologies, such as OWASP will be an advantage.
• Familiarity in Digital Banking and FinTech solutions will be an advantage.
  Primary Location: Singapore
  Job: Security Operations
  Organization: Group Operations & Technology Division
  Schedule: Permanent
  Job Posting: 05-Jul-2024, 4:53:31 A

Please refer the Job description for details