Snr Assoc/Assoc, Security Engineer Project Advisory, Information Security Services, Group Technolog

Business Function

Group Technology enables and empowers the bank with an efficient, nimble, and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Technology, we manage most the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Role

We are seeking an experienced security engineer to join our in-house Information Security Services team, with a primary focus on developing AI-enabled solutions to support security risk assessment, threat modelling, and project advisory activities across the bank.

The role is responsible for designing, building, and operationalising AI-driven capabilities that enhance the scale, consistency, and effectiveness of information security advisory services. This includes applying data analytics, machine learning, and automation techniques to strengthen the organisation’s security posture, improve risk insight, and support informed decision-making.

The successful candidate will work closely with security specialists, technology teams, and business stakeholders to translate security requirements and advisory workflows into practical, secure, and governed AI solutions.

Responsibilities

• Design and develop AI-enabled solutions to support security risk assessments across business, application, and infrastructure initiatives.
• Build and maintain AI-driven threat modelling and risk analysis capabilities to identify, prioritise, and articulate security risks and control gaps.
• Develop intelligent tooling to support security advisory activities across all phases of the project lifecycle, including design reviews, control validation, and risk acceptance.
• Apply AI and data analytics techniques to enhance third-party security due diligence, including evidence analysis and risk profiling of service providers.
• Translate security risks, insights, and recommendations generated through AI-assisted analysis into clear, actionable outputs for stakeholders and senior management.
• Collaborate with security engineers and architects to embed AI-driven insights into the design and implementation of approved security controls.
• Evaluate emerging AI technologies, models, and practices, and assess their suitability, risks, and governance requirements for use within the bank’s security function.
• Ensure that all AI-enabled solutions comply with internal security standards, regulatory requirements, and responsible AI principles

Requirements

• Proven experience in applying automation, analytics, or AI in security contexts.
• Strong foundation in information technology domains, including application architectures, cloud platforms, APIs, data platforms, IT infrastructure, and Microsoft 365.
• Demonstrated ability to design, build, or integrate AI or data-driven solutions to support decision-making, risk assessment, or operational efficiency.
• Experience working hands-on with emerging technologies and assessing associated security, privacy, and control implications.

Functional / Technical Competencies

• Ability to design and apply AI or data-driven techniques to support security risk assessment, threat modelling, and control effectiveness evaluation.
• Knowledge of information security risks and controls within enterprise and product development environments, and how these can be augmented through AI-enabled analysis.
• Knowledge of enterprise security controls across endpoint, network, server, application, data, cloud, access control, and Microsoft 365 environments.
• Understanding of regulatory and compliance requirements, including MAS Technology Risk Management Guidelines, and their implications for AI-enabled security solutions.
• Awareness of threat actor tactics, techniques, and procedures, and the ability to incorporate such knowledge into AI-assisted detection, analysis, or risk modelling approaches.

• Strong analytical and communication skills, with the ability to explain complex AI-driven security insights clearly to technical and non-technical stakeholders.

Location:

Job:

Schedule:

Employee Status: