- Role of Wealth Management Cybersecurity Security Officer, on the understanding that this role includes delegations from the APAC WM CISO.
- Participate in IT project security reviews conducted on both a global and an APAC basis across all platforms. This requires the incumbent to foster close working relationships with other business areas and IT Development/Production teams.
- The incumbent will work hand in hand with the IT Dev, Prod teams and the business, as an enabler and a facilitator.
Direct Responsibilities
- Cybersecurity
o Ensure the protection of WM business data with an adequate security level of WM assets based on review processes
o Ensure the coordination with other IT security or other actors in the region or globally
o Assist with Risk Treatment for any APAC WM issue, based on the processes
o Identify IT security risks in advance, record them and follow up on them
o Define and contribute to processes from cybersecurity perspective
o Periodic reporting of security status to IT Security Domain Head
o Ensure the regular reporting for management follow-up
o Follow up on DLP and Incident Management topics by investigating and following up with handlers until the issue is closed.
o Ensure the onboarding of Assets / Applications in SIEM and the handling of BAU; create / update relevant documents.
- Production Security
o Ensure the effectiveness and success of the vulnerability management process
o Ensure the compliance level of the production environment and integrate to reporting
- IT security compliance (delegation on WM APAC scope)
o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets
o Ensure compliance with regulatory bodies' requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
o Leveraging deep knowledge of security standards such as NIST, CIS, ISO 2700x, ensure compliance with the IT security requirements
o Ensure the compliance with the Third-party Technology risks and the Cloud security
o Identify the process gaps and provide solutions
- Coordination with IT Security actors
o Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard)
o Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope.
o Coordination with the global security teams concerning integration of WM assets within production sites
o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group
Essential Technical Knowledge
- Network protocols and network connectivity concepts; Firewall and Internet technologies - Deep Knowledge
- Secure application design and architecture principles including DevSecOps tools and practices (CI/CD) - Deep Knowledge
- Secure access control mechanisms: Encryption and Key Management techniques - Deep Knowledge
- Technical proficiency in various Operating Systems (Linux, AIX, Windows, AS400) and Databases (Oracle, MSSQL, PostgreSQL, MongoDB) - Deep Knowledge
- Knowledge and understanding of digital transformation, mobile technologies and Cloud (Containers: Docker, Kubernetes) - Good
- Knowledge of emerging technologies (NFT, encryption) - Good
- Knowledge of technologies like OAuth, Single Sign On, API based approach, TDD, BDD - Good
- Knowledge of standard IT Security concepts and methodologies - Deep Knowledge
- Deep understanding of cybersecurity threats and remediation options - Deep Knowledge
- IT Security Risk Assessment and Risk Management - Good
- IT Incident Management, CSIRT, DLP - Good
- IT Network Security (FW, WAF, Anti-DDoS, etc.) - Good
Essential Banking Knowledge
Banking Knowledge and understanding of Wealth Management specificities
International and APAC banking regulations
Essential Personal Skills
Communication skills: ability to interact through oral and written communication
Provide leadership to various stakeholders in a proactive manner
Ability to provide accurate reporting to the Management
Must be motivated, and able to work independently as well as part of a team
Must demonstrate ethical responsibility, maturity, and discretion
Specific Qualifications (if required)
- 5 to 8 years' experience in information security
- Management or leadership experience
- Experience in evaluation and design of technical architectures and processes
- Functional as well as technical knowledge of the common technical frameworks and solutions
- Knowledge of the Norms and Standards of the banking and cybersecurity industry
Other Value-added Competencies
- Advanced IT security certifications may be advantageous (such as CEH, ISO 27001:2013, CSK).
- Operational Risk and Permanent Control
Skills Referential
Behavioural Skills:
- Creativity and Innovation / Problem solving
- Communication skills - oral and written
- Decision Making
- Ability to deliver / Results driven
Transversal Skills:
- Analytical Ability
- Ability to develop and adapt a process
- Ability to understand, explain and support change
- Ability to manage a project
- Ability to set up relevant performance indicators
Education Level: Bachelor Degree or equivalent