Section Head, IT Security Services

RHB BANK BERHAD
  • Job category
    Banking and Finance, Engineering, Information Technology, Insurance, Others
  • Job level
    Middle Management
  • Contract type
    Permanent
  • Location
    Central
  • Salary
    S$8500 - S$17000

Job Description

Job Description:

Primary Objective

Lead and manage a team of IT Security and Networks related specialists and to serve as a custodian on behalf of Singapore Operations to advise, plan, implement, maintain, support (and retire/refresh where required) all locally managed IT security and network components needed to secure the bank and support key bank initiatives. Key security components consisting of firewalls and firewalls rules checking platform, Networks, Network scanning and NAC, VPN and Digital token platform, Filters and Proxies, DLP platform, Anti-virus and EDP, Vulnerability assessment scanning platform, Compliance/configuration checking, Security operations (SOC) and SIEM platform, DB activity monitoring, Cloud monitoring, HSM, Certificate Mgmt., DDOS protection, WAF protection, and ID Mgmt. related platforms. Tasked to lead cross IT initiatives related to ensuring full stack of workloads are designed, deployed and maintained in a secure manner resistant to cyber and malware exploitation and data leakage threats, and when potential IT security threats are identified, to lead the investigation and recovery:

  • Oversee IT operations and performance of IT systems to ensure operational effectiveness and efficiency – IT Security and Networks related.
  • Oversee new application/systems development/platform acquisitions to meet evolving Singapore Operation’s needs – IT Security and Networks related.
  • Ensure IT is operated in a manner that complies with Bank Policies and frameworks, standards, circulars, guidelines and MAS regulated act, notices, circulars, and guidelines applicable to technology (Compliance, Audit, Risk Adherence). – IT Security and Networks related.
  • Ensure IT assets are protected and secure – IT Security and Networks related.
  • Oversee the annual budgeting and then effective usage and spend within budget the Capital and Operational expenditures related to technology - Applications related
  • Be a key stakeholder and technology partner on the bank Digital journey. – IT Security and Networks related.
  • Build a strong and competent technology team. – IT Security and Networks related.
  • Foster and champion bank PRIDE values within the technology department and imbue the department with a culture of teamwork, innovation, discipline, resiliency and dedication to how work is approached. – IT Security and Networks related.

Key Responsibilities

Strategy, Planning, Mgmt. Reporting

  • Provide expert advice and support to the Head of Technology and Operations, Head of Technology and other Singapore Operations Department heads in relation to the Branch’s IT strategy and operational functions – IT Security and Networks related.
  • Formulate a comprehensive Branch IT strategy covering IT policies and procedures, security, architecture, business solutions and operational functional requirements – IT Security and Networks related.
  • Keep abreast of developments and innovations in the FI IT landscape – IT Security and Networks related.
  • Provide mentorship, support and guidance to subordinates, share information and facilitate problem solving – IT Security and Networks related.
  • Ensure staffing is maintained at level required and that staff are trained in skills needed to complete their job and have a career plan clearly outlined and communicated per Bank PA assessment related processes. Arrange training where necessary to fill out gaps in training due to turnover or new areas of knowledge. – IT Security and Networks related.
  • Co-ordinate the yearly budgeting for IT expenditures and investments. – IT Security and Networks related.
  • Co-ordinate, compile and table Mgmt. reports to update on IT status (SG ITSC, RIMC, SRC, SG MANCO) – IT Security and Networks related.

IT Operations

  • Oversee performance monitoring of systems to ensure outstanding operational effectiveness at low operating costs – IT Security and Networks related.
  • Ensure prompt and efficient provision of IT support – IT Security and Networks related.
  • Setup and ensure security related monitoring
  • Manage the outsourced SOC operations and perform any L2 escalation assessments
  • Manage team that Performs ID Mgmt. for Administrative accounts
  • Manage team that Performs ID Mgmt. for AD and Critical systems users.
  • Ensure User access reviews are conducted on annual / semi-annual depending on nature of access review
  • Ensure scheduled VA scans on monthly basis and track follow-ups
  • Arrange and conduct recurring pen testing and track follow-ups
  • Arrange and conduct recurring firewalls rules validation and track follow-ups
  • Monitor and follow-up any possible security issues (originating from proxies, filters, DLP, NAC, AV/EDR, Cloud conformity / Guard duty)
  • Maintain and update firewall rules
  • Custodian for HSM
  • Custodian for all Digital certs and encryption keys related

Job Requirements:

  • Bachelor Degree/Masters in relevant fields with min. 10 years’ experience in managing IT Security teams in an established financial services institution based out of Singapore or Malaysia.
  • Experience directly running a SOC, or else managing an outsourced SOC
  • Experience leading digital forensics investigations
  • Some experience and/or strong interest in AWS and Cloud technologies
  • Experience managing vendors
  • Strong domain in following areas (VAPT - nessus, Source code review, firewalls – checkpoint, fortisgate, Juniper, VPN – RSA and Checkpoint, Firewall rules checking – Tufin, DB monitoring – Imperva, Anti virus / EDR / filters / Proxies – Trendmicro solutions, DLP – Macfee, NAC – CISCO ISE, AWS Guardduty and security hub, SIEM – Log rhythm and Splunk, Tripwire, DDOS, WAF, HSM, ID Mgmt.)
  • Good understanding of computer crime.
  • Strong project management, communication and documentation skills, well organized, customer focus and reliable
  • Ability to manage outsourcing SLA and relationships
  • Familiarity with AWS or other CSP cloud platforms.

Professional Accreditation:

  • Preferably certified with CISSP, CISA and/or CISM

Closing on 02 Jul 2021

orview more job listings from this company