VP2, Senior Information Security Architecture and Surveillance Manager

VP2, Senior Information Security Architecture and Surveillance Manager

Posting Date: 19-May-2023

Location: Kuala Lumpur, Wilayah Persekutuan, MY

Company: United Overseas Bank (Malaysia) Bhd

About UOB

United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. In Asia, we operate through our head office in Singapore and banking subsidiaries in China, Indonesia, Malaysia and Thailand, as well as branches and offices. Our history spans more than 80 years. Over this time, we have been guided by our values — Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers.

About the Department

Group Technology and Operations (GTO) provides software and system development, information technology support services and banking operations. We have centralized and standardized the technology components into Singapore, creating a global footprint which can be utilized for supporting our regional subsidiaries and the branches around the world. We operate and support 19 countries with this architecture to provide a secure and flexible banking infrastructure. Our Operations divisions provide transactional customer services for our businesses while also focusing on cost efficiency through process improvements, automation and straight through processing.

Job Responsibilities

1. Security SME - Technical Subject Matter Expert on offensive, defensive, network security and defense-in-depth methodologies and technology.
2. Manage Surveillance activities such as monitoring, investigation and incident response. Attend to escalation from Group SOC, Perimeter MSSP and users.
3. Manage security architecture and provide consultancy to strengthen security design.
4. Perform security gap/posture assessment and follow with stakeholders for remediation.
5. Coordinate vulnerability assessment and track remediation for closure.
6. Coordinate with vendors to perform Penetration test and track the findings for closure.
7. Assist with team coordination and team management.
8. Security Engineering - Coordinate with the team to manage security tools (IPS, SIEM, VA scan, DLP, AV, ATP).
9. Coordinate with the vendor to perform maintenance and enhancement activities on security tools.
10. Security Projects/Initiative - Coordinate with project manager to deliver security projects/initiatives and provide technical consultancy
11. Governance and Compliance - Collate and provide needed submission requested by various parties (auditor/regulator) to confirm the security policies, processes, guidelines, controls are followed/implemented accordingly.

Job Requirements

A Bachelor’s Degree in Computer Science, Engineering, Information Systems or its equivalent.

Minimum 8-15 years of related working experience.

Knowledge of IT security is essential. Industry certifications will be a plus e.g. CRISC, CISSP, CEH, CISM and CISA.

Highly result-oriented and can work independently.

Must be a self-reliant team player who is comfortable with managing multiple tasks and responsibilities.

Ability to build relationships and interact effectively with internal and external parties.

Strong engagement skills with stakeholders i.e. business and technology, will be a plus.

Good analytical, technical, written and verbal communication skills.

Ability to exercise discretion and independent judgment in applying established techniques, procedures or standards.

Technical expertise in one or more of the following: Network Concepts and Security, Encryption/Authentication fundamentals, Access Management, Application Security, Platform (Windows. UNIX/Linux) Security, Database Security.

Hands-on experience in various security tools (e.g. SIEM, IPS, Firewall, Vulnerability scanner tools, APT , XDR , NDR and forensic tools).

Familiar with security standards and best practices; regulatory requirements such as BNM RMIT, MAS, Paynet, PCI-DSS; Architecture and security of the operating system.