We are looking for a candidate with at least 5 years of experience in Application Security and Cyber Security Incident Management.
The candidate will participate in IT project security reviews conducted on a global basis across all platforms. This requires the incumbent to foster close working relationships with other business areas and IT Development / Production teams.
The consultant will work hand in hand with the IT Dev and Prod teams and the business, as an enabler and a facilitator.
The candidate will be a member of the WM IT Security Operations team and will report hierarchically to the WM CISO EMEA and functionally to the Head of WM IT Security Operations. She/he will work with various stakeholders located in Singapore, Chennai, Switzerland, and Paris.
Certification (not mandatory but strongly recommended): CISM, CCSP, CSK, CEH, CISSP.
Main Tasks:
APPLICATION SECURITY
* Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
* Identify and implement the latest security standards for internet facing and internal assets.
* Improve Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Application Security Testing – SAST, Dynamic Application Security Testing – DAST and Software Composition Analysis – SCA).
* Perform Security risk assessments and reviews to be presented to respective committees.
* Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider.
* Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets.
* Ensure the protection of WM business data with an adequate security level of WM assets, based on project assessment and production review processes.
* Ensure compliance with regulatory bodies' requirements, including for APAC (HKMA, MAS, FSC), EU (DORA) and Switzerland (FINMA).
* Leverage deep knowledge of Security standards such as NIST, CIS and ISO 2700x to ensure compliance with the IT security requirements.
* Ensure compliance with Third-party Technology risk and Cloud security requirements.
* Identify process gaps and provide solutions.
CYBER SECURITY
* Ensure coordination with other IT security or other actors in the region or globally.
* Assist with Risk Treatment for any WM issue, based on the processes.
* Identify IT security risks in advance, record them and follow up on them.
* Define and contribute to processes from a cybersecurity perspective.
* Report security status periodically to the WM IT Domain Head and security champion.
* Ensure regular reporting for management follow-up.
* Handle Cyber alerts & Incidents by investigating and following up with handlers until the issue is closed.
* Onboard Assets & Applications into the SIEM, handle BAU, and create/update relevant documents.
PRODUCTION SECURITY
* Ensure the effectiveness and success of the vulnerability management process.
* Ensure the compliance level of the production environment and integrate it into reporting.
Technical Skills:
* Application Security
* IT Security Compliance
* Cyber Security Incident Management
* Vulnerability Management
Soft Skills:
* Ability to deliver / Results driven
* Ability to synthesize
* Communication
* Data Analytics
* Knowledge of the Banking Sector
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Technology, Information and Media