Job Description - Business Information Security Risk Manager
About Us
Mizuho Bank is the banking subsidiary of Mizuho Financial Group of Japan, one of the world's largest financial services providers.
In 1974, one of Mizuho's predecessor banks commenced branch operations in Singapore, meaning we have had a presence in Singapore for over 50 years. Mizuho Bank Singapore Branch holds a full bank license and provides banking services to more than 2,000 Japanese and non-Japanese clients, operating with an on-the-ground staff strength of around 1000 in Singapore. Its principal business encompasses corporate finance, trade finance, cash management, funds transfers, project finance and treasury. It also collaborates with its affiliate company, Mizuho Securities, to provide investment banking solutions to its clients.
Job Responsibilities
Mizuho Bank is seeking an experienced Information Security Risk professional to lead information security risk management strategy for the major, multi-year technology transformation program of Core Banking systems and related applications, covering integration, deployment and data migration across Mizuho APAC for CASA, Lending, Cash / Payment, and Trade Finance business functionalities.
Reporting to Regional Risk & Control (RRC) and accountable to the Core Banking Program's Accountable Executive (AE), the Business Information Security Risk Manager will support regional risk governance, ensuring effective identification, assessment, mitigation and reporting of information security risks for the Core Banking portfolio. This role requires tight collaboration with the AE, CISO and Business stakeholders across the region, ensuring adoption of security measures and their consistent integration and execution for Mizuho APAC.
KEY RESPONSIBILITIES
Serve as the primary liaison between the program stakeholders, IT security and the business units to ensure security requirements are integrated into the core banking projects and business processes
Have deep and broad familiarity with Cyber Hygiene, Application Security and Information Security domains to identify, evaluate, secure and manage risks in core banking environments, including enterprise integration, data protection, operational process and third party / vendor risks
Collaborate with legal, audit, assurance and compliance teams to align security risk management with organizational and regulatory requirements
Risk Management
Conduct application threat modeling to identify security weaknesses and vulnerabilities, even without detailed standards or elaborate guidance
Perform compliance reviews and risk analysis covering IT security and information control areas, and be able to clearly articulate security risk in a business context
Evaluate risk mitigation options and influence toward practical mitigation strategies tailored to core banking architecture and processes, ensuring they are technically feasible and commercially defensible
Provide guidance and consultative support to the program regarding security risk, compliance and best practices
Stay current with industry trends, regional cyber laws, emerging threats and best practices to continuously improve the organization's risk posture
Risk Reporting
Own and manage the Security Risk Register for the program, ensuring ongoing risk identification, mitigation and reporting to senior management and risk committees
Communicate risk policies, findings, recommendations and security posture to stakeholders, including preparing consolidated written reports for senior leadership and relevant committees
Regulatory Compliance
Provide advisory support to ensure that all compliance requirements relevant to the internal risk management framework and banking regulations across APAC (e.g. MAS, HKMA, etc.) can be met
IT / Risk Governance
Oversee compliance with secure software development lifecycle (SDLC) practices, including secure coding and deployment, security testing, vulnerability management and relevant IT risk management processes
Operate and uplift the existing risk management framework and its supporting processes, where required, to address control gaps and effectiveness issues
Organizational Competency
Able to build and maintain strong working relationships with a diverse set of stakeholders within and across the IT and business departments
Able to manage work in a fast-moving, high-pressure environment and balance multiple work activities
Culturally aware to work well with project teams, including with teams who are based offshore or in different geographical locations
Job Requirements
SKILLS AND QUALIFICATIONS
Bachelor's or Master's degree in Computer Science, Information Security, Software Engineering, or related field
Professional certifications, such as CISSP, CRISC or CISM, are preferred
Minimum 11 years' experience in the banking / financial services industries focused on information security and risk related functions
Strong technical expertise in Cybersecurity principles, threat management, and security frameworks with deep understanding of core banking systems, architecture, operations and security challenges
Strong knowledge of application security tools, e.g. SAST/DAST, SCA, secure coding practices and vulnerability management
Demonstrated business acumen with the ability to understand and align security initiatives with business processes and objectives, or proven experience in a BISO role to balance business objectives with security requirements
In-depth knowledge and practical understanding of information security risk management frameworks, standards and methodologies (e.g. ISO 27001, COBIT, NIST, OWASP, MITRE, etc.)
Proven experience in risk assessment methodologies, GRC (Governance, Risk and Compliance) tools, policy development, compliance management, and risk reporting
Familiarity with regulatory requirements and compliance standards relevant to banking across Asia Pacific jurisdictions (e.g. MAS, HKMA, RBI, etc.)
Experience in DevSecOps and Public Cloud Technology stacks / security models (AWS, Azure or Google Cloud) is desirable
PERSONAL ATTRIBUTES
Analytical mindset with strong problem-solving skills
Proactive, self-motivated and resourceful
Assertive, adaptable and self-aware
Able to work in a fast-paced, regulated environment
Excellent communication and interpersonal skills, able to articulate and summarize complex thoughts and analytics to various stakeholders, including non-technical audiences at various levels
Excellent stakeholder management and project management skills