Information Security Officer, Asia

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.

The incumbent is responsible for supporting the Head Information Security Asia in the areas of governance, risk and processes, consulting and awareness, and DLP related activities for Asia (mainly Singapore, Hong Kong and Japan). This means providing the needed support in developing, driving and managing all Information Security activities (including projects and education) in BJB Asia. The incumbent will also work closely with global counterparts in Switzerland as part of the team to support the rollout of global initiatives in Asia.

As part of the Risk Management function in the Bank, the incumbent will need to work closely with the IT, Corporate Services or other relevant functions together with the Head of Information Security Asia to ensure that Information Security risks are highlighted, mitigated and remediated appropriately.

**YOUR CHALLENGE**:
**Information Acquisition**
- Actively collaborate in local know-how sharing groups (should there be any of relevance)
- Continuously learn about new detection techniques
- Keep abreast of new or changing regulatory requirements and technology advances and identify trends, potential new technologies, and emerging threats which may impact the business

**Security Monitoring**
- Identification of monitoring needs and use cases
- Proposal of solution to cover the identified need (e.g. monitoring pattern)
- Assistance during implementation of the proposed solution
- Documentation of monitoring/response processes:

- Processes (ibo)
- Additionally, where necessary: Work instructions (Wiki)

**Security **Event Response**
- Response to security events/incidents according to team agenda and, where available, based on processes/work instructions
- Incidents assigned to L2_Security_Operations_ZRH and events displayed within Cerberus/Hydra
- Support in the investigation of information security related incidents
- Follow up with management and required parties in implementing mitigation actions for identified risks and resolving Information Security risk issues as needed
- Escalation of incidents where required

**Security Initiatives**
- Support in the implementation of education and awareness plans of Information Security in the Bank (e.g. Phishing campaigns)
- Regulatory engagements (questionnaires, responses to regulatory circulars and advisories etc.)
- Security investigations and escalations (e.g. misconduct)

**Other Operational Tasks / Cross-Topic / Admin**
- Daily handover SGP/ZRH (call or wiki)
- Participation in Bilas and team meetings
- Response to enquiries directed to SOC group mailbox
- Participation in projects as assigned by SOC team head
- Monthly security reporting for Asia

**Regulatory Responsibilities &/OR Risk Management**
- Demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations
- Responsible to support in defining requirements and implementing any initiatives in relation to the defined roadmap for Asia
- Support in the implementation of the governance framework for information security in Asia
- Work across global and regional groups and communicate information risk matters effectively, even to senior management
- Responsible for information security related controls and ensure its execution
- Support DLP operations within information security
- Drive or support the implementation and operationalization of a data ownership concept including the underlying processes where data owners are typically involved like:

- Ad-hoc data extractions
- (Re-) certification of access rights
- Review and approval of security concept
- User acceptance test

**YOUR PROFILE**:
**Personal and Social**
- Strong inter-personal and communication skills
- A hands-on individual who can work independently to drive initiatives and tasks
- Ability to influence others and resolve conflicts constructively
- Able to work under pressure
- Able to communicate with all levels of stakeholders including top management
- Ability to prioritize and multi-task in a competitive environment

**Professional and Technical**
- A good Bachelor’s Degree in IT Security, Computer Science or Computer Engineering
- 5 - 7 years’ of relevant Information Security experience in banking, preferably in Wealth Management
- Strong knowledge of Information Security, IT Risks and Controls and related security technologies with hands-on experience
- Strong knowledge of regulatory standards in both Singapore and Hong Kong
- Professional certification in Information Security (e.g. CISSP, CISM and