Job Summary:
You are responsible for the overall strategy for the digital safety of the digital bank and all of its customers. You will formulate and implement the strategy for preventing and mitigating cybersecurity risks by implementing proactive security measures and actively delivering cybersecurity threat intelligence analysis to relevant stakeholders across the organization.
Job Responsibilities:
- Be the champion of all cybersecurity best practices across the organization
- Continuously evaluate the effectiveness and reliability of new and existing intelligence sources in order to make recommendations for cybersecurity improvements
- Continuously identify gaps and improve the threat intelligence program lifecycle as well as the core threat detection and monitoring capabilities
- Work closely with the IT and DevOps teams to respond to and investigate security events. When necessary, carry out digital forensics for reporting and auditing purposes
- Support security operations activities by providing contextual intelligence data, analysis support, and remediation/countermeasure recommendations
- Establish strategy and methods to improve correlation and enrichment of internal cyber defense systems
- Conduct analysis of incoming 3rd party threat intelligence feeds and other sources of threat reports for relevance and impact on the digital bank
- Deliver relevant and actionable intelligence to business stakeholders and other digital bank security functions regarding threats to their respective domains.
- Propose cyber defense solutions backed by intelligence data, to mitigate risks and improve the digital bank’s overall security posture
- Mentor the team for both professional and personal development
Job Requirements:
- Degree in Information Technology (IT), Computer Science or other related disciplines with relevant experience in managing IT security in financial market infrastructures, or security intelligence
- Professional certification such as CISM, CISA, CSXP, CISSP, CREST, GPEN, CCISO, PCI-ISA or equivalent will be an added advantage.
- More than 5 years of experience in information security or cyber risk areas
- Hands-on working experience on best practice standards for cyber security such as PCI, BNM RMiT, ISO 27001, NIST Cyber Security Framework, PDPA or equivalent will be an added advantage.
- Knowledge of Intelligence Community (IC) fundamentals (e.g. intelligence classifications, TLP, ISACs, etc.)
- Knowledge of utilizing Threat Intelligence Platforms
- Knowledge of threat intelligence cycles and collection management
- Knowledge of security defense systems (e.g. Firewall, AV, IDS, IPS, etc.)
- Knowledge of incident response and threat hunting processes
- Familiarity with Docker/Container, Container Orchestration (Kubernetes)
- Familiarity with modern cloud service providers such as AWS, Azure, and GCP
- Strong analytical skills and the ability to think creatively when approaching technical challenges
- Good understanding of the latest cyber threat landscape and methods to detect and mitigate the risks
- Strong report writing and communication (written and verbal) skills.
- Ability to set and manage expectations with stakeholders and team members.
- Ability to respond to immediate requests from stakeholders and assess ongoing priorities, executing with minimal direction or oversight