AVP, Security Engineer Project Advisory, Information Security Services, Technology and Operations

Business Function

Group Technology enables and empowers the bank with an efficient, nimble, and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Technology, we manage most the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Role

We are seeking an experienced technology specialist to join our in-house Information Security Services team in a long-term role. The successful candidate will support bank-wide initiatives by performing threat modelling, risk assessments, and designing information security solutions for key projects. The role also involves evaluating and driving the adoption of emerging technologies to strengthen the organisation’s security posture. This position requires a motivated and analytical professional who can work effectively with business stakeholders, technical teams, and vendors to deliver high-quality project advisory services.

Responsibilities

• Conduct security risk assessments across business, application, and infrastructure initiatives.
• Perform threat modelling and recommend appropriate information security controls for key projects.
• Provide security advisory support throughout all phases of the project lifecycle.
• Carry out information security due diligence on third-party service providers, including on-site assessments where required.
• Clearly articulate identified risks and recommended controls to stakeholders, including senior management.
• Lead and drive the implementation of approved information security solutions.
• Evaluate and promote the adoption of new technologies and practices to enhance the bank’s security posture while balancing usability and risk.
  
  

Requirements

• Proven experience in system security reviews, security architecture assessments, or IT security audits.
• Broad experience in the information technology domain, preferably with exposure to information security, across areas such as AI, application architectures, cloud, containers, APIs, data platforms, and Microsoft 365
• Demonstrated ability and willingness to work hands-on with emerging technologies and assess associated security controls.
• Relevant professional certifications (e.g. CISA, CISM, CISSP, GIAC) are advantageous.
• Working experience in performing system security reviews, security architecture reviews or IT security audits
• Working experience in the information technology domain (artificial intellifemobile application, monolithic application, microservices, APIs, server virtualisation technology, container technology, public cloud, data analytics platform, IoT, Microsoft 365) and preferably in the information security domain
• Willingness to get hands on to explore new technologies and evaluate the controls
• Able to travel on a need to basis

Functional / Technical Competencies

• Possess good knowledge on information security risks and controls in an enterprise environment and product development environment
• Able to perform security risk assessment and communicate residual risks clearly to stakeholders
• Possess good knowledge in various enterprise security controls (e.g. end-point security, network security, server security, application security, data security, cloud security, access control, Microsoft 365 security) 
• Good understanding of regulatory requirements (e.g. MAS Technology Risk Management Guidelines, PCI DSS, Personal Data Protection Act)
• Knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.

Location:

Job:

Schedule:

Employee Status: