Senior Associate, Security Engineer Project Advisory, Information Security Servi

DBS is a leading financial services group in Asia, with over 280 branches across 18 markets. Headquartered and listed in Singapore, DBS has a growing presence in the three key Asian axes of growth: Greater China, Southeast Asia and South Asia. The bank's capital position, as well as "AA-" and "Aa1" credit ratings, is among the highest in Asia-Pacific. DBS has been recognised for its leadership in the region, having been named “Asia’s Best Bank” by The Banker, a member of the Financial Times group, and “Best Bank in Asia-Pacific” by Global Finance. The bank has also been named “Safest Bank in Asia” by Global Finance for seven consecutive years from 2009 to 2015.

Business Function

Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Tech, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

Job Summary

We need an experienced technology specialist to join our in-house Information Security Services team in a long-term position. The successful candidate will participate in various bank projects as an information security engineer to perform threat modeling, risk assessment and engineer information security related solutions to support the project; and second, the Information Security Specialist will evaluate and drive the use of new technologies to enhance the security strength of our organization.

We’re looking for a responsive, highly productive professional who can work with numerous business and technical employees and vendors to deliver quality project advisory services.

Responsibilities

• Perform risk assessment for business, application, and infrastructure projects
• Participate, perform threat modeling, risk assessment, and recommend information security controls/processes for key projects
• Perform information security due diligence on outsourcing service providers, including conducting site audit of their premise and facilities.
• Explain assessed risk and recommended security controls/processes to key stakeholders including senior management
• Lead and drive implementation of information security solutions
• Evaluate, recommend and drive the use of new technologies and processes that will enhance the bank’s security strength while balancing user experience and security objectives
• Respond to information security issues during each stage of a project’s lifecycle

Requirements

• Working experience in performing system security reviews or IT security audits
• Working experience in the information technology domain (Generative AI, mobile application, monolithic application, microservices, APIs, server virtualisation technology, container technology, public cloud, data analytics platform, IoT, Microsoft 365) and preferably in the information security domain
• Willingness to get hands on to explore new technologies and evaluate the controls
• Bachelor’s or Master’s degree in Computer Science or equivalent
• Professional certification such as CISA, CISM, CISSP, GIAC GISP will be an added advantage
• Able to travel on a need to basis.
• Possess good knowledge on information security risks and controls in an enterprise environment and product development environment.
• Able to perform security risk assessment and communicate residual risks clearly to stakeholders.
• Possess good knowledge in various enterprise security controls (e.g. end-point security, network security, server security, application security, data security, cloud security, access control, Microsoft 365 security).
• Good understanding of regulatory requirements (e.g. MAS Technology Risk Management Guidelines, PCI DSS, Personal Data Protection Act).
• Knowledge of tactics, techniques, and procedures associated with malicious insider activity, organized crime/fraud groups and both state and non-state sponsored threat actors.

Apply now

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.