Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 50,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.
For this position, weare looking for a Security Information Expert, VP, to assist one of our clients in the Financial/Banking industry.
Responsibilities:
Security Control Review:
- Define scope, roadmap, and testing plan to assess key cybersecurity controls on an ongoing basis
- Perform test of design and effectiveness on key cybersecurity controls
- Work to embed control testing within the organisation with a focus on automation and efficiencies
- Work with various teams to define follow-up actions to remediate control weaknesses identified
- Maintain, review and renew risk acceptances for control risks that cannot be fully mitigated
Project Security Assessments:
- Work with relevant teams to perform security assessments, reviewing high and low level architecture designs, and provide recommendations to mitigate identified risks on new projects being rolled-out
- Depending on the nature of the project, security assessments should cover application and data security requirements to ensure compliance with internal policies and framework
- Ensure compliance with cybersecurity related regulations that may be relevant to the project
- Perform follow-up on remediation actions that may result from the security assessment
Third Party Risk Assessments:
- Perform information security reviews on requests for outsourcing, including review of the vendor's security capability and risk of data leakage
Regulatory Reviews:
- Perform reviews to assess the company compliance against cyber regulatory topics across Asia
- Work with Compliance to identify new and arising regulatory requirements with impact to cybersecurity
Participation in committees:
- Participate in regional and global governance meetings and normative committees where required
- Provide updates within the team and liaise regularly with other teams in Asia, including application managers, technology, compliance, operational risk managers, risk management and third party management
- Proficient in performing security architecture and security design reviews
- Knowledge of application, system and network auditing
- Strong understanding of IT infrastructure and IT applicative framework architectures
- Familiarity with cloud computing and container technologies (docker and kubernetes)
- Good understanding of application vulnerabilities and common exploits (e.g. OWASP Top 10)
- Knowledge of security hardening standard (e.g. Centre for Internet Security benchmarks, NIST)
- Experience with security control reviews and audits
- Experience in performing third party reviews / assessments
- Familiar with cybersecurity regulatory topics in Asia (e.g. HKMA C-RAF, MAS TRM, etc)
- Computer programming experience desirable
- Excellent English verbal and written communication skills, experience in communicating complex technical topics at senior organizational levels,up to and including MD level
- Client oriented mindset, results driven, proactive and quick to react to requests
- Innovative and bringing new ideas to improve processes
- Bachelor degree in Information Technology or equivalent
- Professional qualification such as CISSP, CISM, ITIL
- Experienced security professional with 8+ years of relevant experience
- HKMA Enhanced Competency Framework (ECF) certification is preferred
