Role Description
The Security Officer will participate in the lifecycle of the Applications and Projects within Wealth Management in order to ensure the adequacy of the security using a risk-based approach.
The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator, in an Agile mindset.
Responsibilities
Cloud Security Lead
- Act as the Lead Security Officer for all Cloud-related projects within the Wealth Management entity.
- Perform the Risk Assessment on the Cloud application to detect the different risks that it can raise for the Bank.
- Ensure that all the different steps of the Cloud assessment are done in a timely manner to ensure the delivery of cloud projects.
IT Security Architecture
- Plan, research, and design security architectures, with a thorough understanding of the organization's technology and IT systems.
- Review and approve the security requirements for applications and IT setup.
- Ensure the compliance level of the applications with the Security architecture standards including Third-party and cloud security risks.
- Ensure the protection of WM business data with an adequate security level of WM assets based on review processes.
- Identify the IT security risks in advance, record them and follow up on them.
- Ensure the regular reporting to the management.
IT Security Compliance (Delegation On WM APAC Scope)
- Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets
- Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
- Leveraging a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements
- Ensure the compliance with the Third-party Technology risks and the Cloud security
IT Data Management And Data Analytics/Science Technologies
- Keep up with the knowledge of Data security and protection regulatory landscape and related measures.
- Understand the Data analytics and data science technologies (data standard practices including products / cloud-related solutions).
- Ensure the solutions of Data Management, Data analytics and data science solutions are implemented with the Group security architecture requirements (e.g. Tableau, PowerBI, AI and other Data analytics solutions). This would also include the development framework and environments highly used in DA landscape (R, Python, DevSecOps and API management)
- Identify the IT security risks in advance, record them and follow up on them.
- Ensure the regular reporting to the management.
Coordination with IT Security Actors
- Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, WM Project Architecture and Security validation committees, Application Security Dashboard…).
- Coordination with the global security teams concerning integration of WM assets within production sites.
- Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group.
Participate in the Evolution of Security Posture
- Participate in the deployment of new security practices and DevSecOps pipeline
- Ensure that SSDLC practices are well followed
- Take part in the awareness and training activities
Profile
- Minimum Bachelor’s Degree in Computer Science or Information Technology
- Minimum 8 years' experience in information security and IT risk management.
- Experience in evaluation and design of technical architectures and processes
- Functional as well as technical knowledge of the common architecture and Cybersecurity frameworks and solutions
- Strong knowledge of Cloud security
- Network protocols and network connectivity concepts; Firewall and Internet technologies
- Secure application design and architecture principles – including DevSecOps tools and practices (CI/CD)
- Secure access control mechanisms: Encryption and Key Management techniques
- Technical proficiency in various Operating Systems (Linux, AIX, Windows, AS400) and Databases (Oracle, MSSQL, PostgreSQL, MongoDB)
- Well versed with international and APAC banking regulations
- Knowledge and understanding of digital transformation, mobile technologies and Cloud (Containers: Docker, Kubernetes).
- Knowledge of emerging technologies (NFT, encryption)
- Strong knowledge in secure development and SSDLC processes
- Knowledge of the Norms and Standards of the banking and cybersecurity industry
- Advanced IT security certifications: CISSP / CISM / SANS Certification
- Cloud-related certifications: CCSK / CCSP or equivalent