Information Security

At Bank of Singapore, we are constantly on the lookout for exceptional individuals to join our team. We promote a culture of openness, teamwork and fairness. Most importantly, we invest in our people through our programmes that develop them on both professional and personal levels. Besides attractive remuneration packages, we offer non-financial benefits and opportunities to develop your potential within OCBC Group’s global network of subsidiaries and offices. If you have passion, drive and the will to succeed, rise to the challenge today

Responsible for second line of defence related to governance and oversight of Information Security Risk and Digital Risks (Technology, Information and Cyber) within the organisation.

**Responsibilities**
- Lead and support the risk governance and oversight of Information Security Risk and Digital Risks (Technology, Information and Cyber) in second line.
- Lead second line Information Security initiatives and establish/roll-out Local Information Security Office (LISO) program to each of global locations within the organisation.
- Lead and represent second line in regulatory assessments in Information Security risk and Digital risks topics.
- Lead and / or support internal / cross-functional initiatives such as technology, information and cyber thematic and process reviews, as well as technology projects.
- Lead and / or participate in risk committees and working groups that have been established to enhance governance and oversight over Information Security risk and Digital risks matters.
- Develop, review and maintain Information Security and Digital risk framework, policies and departmental operating procedures to ensure that they are relevant, up to date and aligned to Group and regulatory standards.
- Monitor Information Security and Digital risk exposures via dashboards and Key Risk Indicators (KRIs) and provide independent reporting on the effectiveness of risk posture or activities to management.
- Provide risk advisory services to business units on the adoption of new and emerging technologies (e.g. cloud computing, Fintech etc), as well as third party arrangements.
- As a second line of defence, provide an effective challenge on the adequacy, completeness and timeliness of risk assessments and / or action plans that have been put in place to address prevailing and emerging Information Security and Digital risks. This includes the review of system risk acceptances.
- Plan and deliver a comprehensive Information Security and Digital risk awareness training and testing program for all staff. This includes the conduct of periodic social engineering tests to reinforce awareness.

**Qualifications**
- Good understanding of banking processes, technology, operations, and regulations (in particular MAS Technology Risk Management Guidelines), as well as ISO 27001.
- Prior experience in managing projects / change initiatives would be an added advantage

Academic and professional qualifications
- University degree preferred.
- Professional certification in information security. E.g. CISA, CISM, CRISC, CISSP etc.
- Proficient in Microsoft Office Applications (i.e. Excel, PowerPoint, Word).

Language skills
- Fluent in English.

Personal attributes
- Good communication, presentation and interpersonal skills to facilitate interactions with key stakeholders within and outside of the organisation.
- Ability to collaborate well within the team, department and across different departments/locations.
- Able to exercise sound judgment and establish plans to manage the execution of deliverables within the stipulated timelines.
- Self-driven with attitude and aptitude to learn and accomplish tasks that have been assigned.
- Analytical mindset and good report writing skills.
- Able to prioritise and multi-task in a competitive environment
- A team player.