Tdi - Technology Information Security Officer (Tiso) - Vp

**TDI - Technology Information Security Officer (TISO) - VP**:
**Job ID**:R0381168

**Full/Part-Time**:Full-time

**Regular/Temporary**:Regular

**Listed**:2025-04-15

**Location**:Singapore

**Position Overview**:
**Details of the Division and Team**:
TISO is assigned a set of Application Software Assets and associated Databases, Infrastructure Software Assets, IT Services, Hardware Assets or IT Assets. TISO assumes ownership for these assets from an IT Security perspective.

It includes IT services outsourced to an external vendor and TISO is responsible to ensure compliance. TISO executes all tasks that are assigned to this role based on defined and approved internal policy, procedure, processes & controls.

**What we will offer you**:
A healthy, engaged and well-supported workforce are better equipped to do their best work and, more importantly, enjoy their lives inside and outside the workplace. That’s why we are committed to providing an environment with your development and wellbeing at its center.

**You can expect**:

- Flexible benefits plan including virtual doctor consultation services
- Comprehensive leave benefits
- Gender Neutral Parental Leave
- Flexible working arrangements
- 25 days of annual paid leave, plus public holiday & Flexible Working Arrangement

**Your key responsibilities**:
TISO’s responsibilities within the assigned Division or Function comprise:

- To accept the ownership and responsibility for the information security of the assigned IT Assets.
- To carry out the Information Security Risk and Compliance Assessments for the assigned IT Assets and processes to help identified IT Assets related risk and determine appropriate controls to mitigate risks
- To remain fully trained and skilled by completing the required Information Security training provided by CSO or as requested by the Principal TISO or the Divisional TISO.
- To provide guidance to key role holders such as ITAOs (IT Asset Owner) and ISOs (Information Security Officer) to develop a secure environment by evaluating the IT Security requirements as early as possible in the system development life cycle to select the applicable information security controls for implementation.
- To guide ITAOs on the implementation of compensating controls in case of deviations from the applicable information security controls.
- To approve the access control and user authorization setup of the assigned IT Assets.
- To execute and document periodical recertification of access rights in compliance with the DB Group Identity and Access Processes.
- To cooperate with key role holders such as ITAOs and ISOs to put monitoring capabilities for IT Assets in place. To review the output of the monitoring jointly with the key role holders such as ITAOs and ISOs to avoid degradation of the required security level.
- To analyze and review the configuration of IT Assets where required and to advise on the remediation of gaps according to the applicable Information Security policies.
- To contribute to the Information Security Incident Management Process in the case of a security breach for their IT Assets, if requested.
- To assess and document the IT Risk associated with outsourcing engagements with external vendors
- To actively participate in the discussion with external vendors to ensure that proper due diligence is performed on IT Risk & Controls as per Bank’s and Regulatory framework
- To maintain the Information Security related documentation of assigned IT Assets in the DB Group IT Asset inventory.
- First point of escalation and conflict resolution internal as well as with central functions or parties outside DB (eg. Regulator).
- Pre-empt changes in the legal/ regulatory environment and support and advise senior management of potential impacts.
- Oversees the performance and quality assurance of assessment executions for upcoming audits and/or execution of legal/ regulatory.
- Ensures appropriate senior management awareness/oversight to follow-up on action items to resolve identified issues.

Role is required to be performed on-site at One Raffles Quay office. Relevant vaccination requirements may apply.

**Your skills and experience**:

- Min 7 years’ experience in Information Security risk and compliance management or similar experience.
- Working experience in Shell scripting, Windows, Unix, Linux platforms and Oracle & SQL database, Network protocols & security, multi-factor authentication
- Proven understanding of MAS & HKMA TRM Outsourcing guidelines and Vendor Risk Management.
- Working experience and knowledge : in either of Information Security, Data Protection, Software Development, Audit Management, DevOps Security, Broker solutions, Designing alert mechanisms & Monitoring, Recertification.
- Proven working experience in Configuring TLS/SSL, PKI, ACLs, API Security.
- Experience in Cloud Platform
- Proven experience in performing analysis/review/monitoring from Risk management perspective
- Working experience and knowledge : in