In this role, you will be a full time Information and Cybersecurity professional with experience in infrastructure and application security risk assessment, design reviews as well as being a cybersecurity trusted advisor to the engineering teams. It requires a broad understanding of the firm's Information Security/Cybersecurity policies and controls as well as cybersecurity industry standards, good practices and patterns, including real-world experience in designing secure and resilient technology platforms, both on premise and Cloud.
The ideal candidate will be able to demonstrate effective technical advisory skills in assessing risk and cyber threats for the firm by engaging with teams across different Divisions. They will work with regional and global teams within Technology Risk to protect the firm against cyber threats. A candidate with a background in information and cyber security within the financial services sector is an added advantage.
- Conduct security assessment of business initiated projects helping to drive adoption of application and infrastructure security controls and best practices
- Advise on leading edge engineering to protect the firm's network from security risks related to client/server architectures, Cloud architectures, web services and mobile applications
- Conduct risk reviews of 3rd party systems and applications to assess the standard and proprietary application security controls used by the application (e.g. authentication, authorization, input validation, output sanitization, error handling, application resilience) against firm policies and standards
- Work with local teams in various jurisdictions where specific technology and cybersecurity regulations create requirements that are not directly supported by our global framework.
- Drive implementation of security controls in various platforms by working with technology infrastructure teams
- Demonstrate deep understanding, passion and thought leadership for Information and Cybersecurity and the impact of new technologies, services and solutions
- Collaborate with the global team to continually operate and improve a world-class cyber program by providing input into the uplift of sensory tools, detection tuning, and access to data sources to increase detection effectiveness
- Drive the adoption and uplift of global security programs throughout the Asia Pacific region
- Convey complicated technical analyses to senior management via comprehensive presentations
- Respond to regulatory requests regarding preventive and detective security measures
- Communicate status and risks in a succinct, direct and open manner for proper issue management life cycle tracking
- Deep technical understanding of both application and infrastructure architecture and security (on premise and Cloud)
- Bachelor degree or higher
- 3 to 7 years of relevant technical experience in Information and Cybersecurity
- Excellent English communication skills, both verbally and in writing
- Language skills, in addition to English, such as Japanese and/or Chinese (e.g. written/spoken Mandarin) would be considered an advantage
- Exceptional attention to detail
- Strong analytical, interpersonal, problem solving, organizational and time management skills
- Excellent influencing skills and the ability to develop and maintain good relationships
- Strong sense of ownership and accountability, driven to manage tasks to completion
- Ability to communicate status, risks, and technical details in a succinct, direct and open manner to both technical and non-technical audiences
- Ability to engage in deep technical discussions with other Engineering groups, as well as ability to convey the same concepts and issues at a high level to senior management
- Excellent presentation skills
- Experience working in a distributed multi-disciplinary team with expectation for rapid escalation of issues and risks
- The ability to multi-task effectively and interact in a matrixed organization is essential
- Experience working in Information security / Cybersecurity from a sizeable multinational organization
- Work effectively both independently and as part of a team, self-motivated and deadline driven
- Graduate degree in Computer Science, System/Computer Engineering, Cyber-Security, or Information Security is preferred. Bachelors of Science/Arts in Forensic Computing, System/Computer Engineering, Data Science, Engineering, Operations Research, or Decision Science will be also considered.
- Coursework or experience in computer science, computer security, computer networking, system design, system integration, software development, emerging technologies, open source frameworks, encryption schemes, and application testing/penetration testing/reviews preferred.
- Experience working in Information/Cyber security from a sizeable multinational organization
- Industry Certifications such as CISA, CISSP or Forensics-related certification are beneficial