• Conduct security-by-design reviews on new programs, initiatives, projects, Cloud services and technologies regionally (in-house development, Commercial Off-The-Shelf, SaaS), ensuring sufficient documentation for compliance / audit. • Collaborate with Group and Regional information security teams, as well as business stakeholders, to ensure project implementation aligns with security controls in accordance with policies, standards, guidelines, and regulations. • Take part in the security architecture blueprint and design review process for the Cloud hosted solutions. • Ensure critical vulnerabilities are tracked and remediated prior to application go-live. • Analyze, review, and approve non-standard software/technology implementations regionally. • Perform ad-hoc and periodic reviews of Proxy/Network/Firewall requests, designs, and configurations. • Provide advisory and consultation to business units, business owners, and project teams for any Cloud Security related matters. • Create a culture of security-by-design awareness by conducting related training for local business units (LBUs) and other relevant stakeholders. • Create, maintain, and update relevant security policies, standards, and operating procedures. • Support the team leader with any assigned security operation tasks related to Identity Access Management, endpoint security, network security, data protection, DLP, VAPT, security alerts, and incidents.
待遇面議
(經常性薪資達 4 萬元或以上)
• Recognized degree in Computer Science or related Engineering fields. • 5–7 years of demonstrated experience in reviewing and identifying gaps in architecture blueprints and designing controls, especially in the Cloud domain. • Candidates with proven experience in the financial services industry are preferred. • Must be able to recommend mitigations to threat models based on threat vectors and exploits. • Good knowledge and experience with regulations, including PDPA, MAS guidelines, and technology/cybersecurity regulations in other Asian countries (e.g., Thailand, Malaysia, Taiwan). • Understanding of asset and/or wealth management businesses, including trade lifecycle and operational processes, is a plus. • Certifications such as CISA, CISSP, and CCSP are encouraged and demonstrate continuous learning and application of standard methodologies. • Ability to understand business requirements and security risks during security assessments and consultations. • Understanding of business direction from products, solutions, market, and technology perspectives in the Cloud domain. OTHER TRAITS • Possess exceptional problem-solving and data analysis skills. • Positive attitude and collaborative mindset. • Highly motivated to stay updated with the latest developments in technology-related regulations and to acquire broad technical knowledge and skills. • Strong communication, presentation, and interpersonal skills; ability to work collaboratively and effectively with employees at all levels in different geographies. • A good team player in managing internal and external stakeholders to resolve issues and align with objectives. • Exhibit proactiveness in identifying, articulating, and remediating gaps and issues.