Position

We are looking for a Cybersecurity Engineering Specialist with expertise in Security Engineering and Risk Management. Joining the IT Security Officer team within the Chief Information Security Officer (CISO) department, you will focus on reviewing and assessing the security of our corporate desktops, servers, infrastructure applications and networks. Your responsibilities will include policy enforcement, risk management and cyber risk assessments, ensuring alignment with internal information security policies, standards, and external regulatory requirements. This role requires a strong understanding of security best practices, knowledge in Cloud technologies, and hands-on experience with enterprise security tools and frameworks. You will collaborate with the Credit Agricole CIB security community across ASIA and with other global entities.


Main Responsibilities

1.    Security Engineering
Ensure security requirements are incorporated early into the systems development lifecycle of the enterprise IT infrastructure, systems, and applications.
Ensure governance through regular review, reporting and monitoring to ensure compliance with Policies and Standards, and alignment with regulatory requirements.
Evaluate and recommend security tools, technologies, and frameworks to strengthen the security posture of the bank.
Collaborate with stakeholders including IT infrastructure, DevOps, and application teams to ensure security measures and best practices are integrated throughout the development lifecycle of financial applications and services.
Prepare RFQ and evaluation criteria, Proof of concept (POC) during product evaluation. Consulting with vendors to implement security solutions.
Stay updated on emerging security threats and proactively provide solutions to safeguard IT systems from evolving risks.
2.    Governance and Risk Management
Conduct Cybersecurity Risk Assessments on IT systems and/or applications. (on-premises and cloud infrastructure).
Ensure security measures described in the risk analysis of IT projects are properly implemented.
Ensure that the audit on the Information systems has security measures in place that comply with the security policies and standards.
Identify gaps, deficiencies, or deviations on the implementation of the controls and analyse areas for improvement.
Collaborate with cross functional teams to provide evidence and insights during internal and external audits.

3.    Identity and Access Management (IAM)
Ensure Identity Access Management (IAM) policies around access management such as Role-based access control (RBAC), password management, Privileged access management (PAM) comply with security policies and standards.

4.    Data Protection

Ensure the implementation of data protection strategies are aligned with regulatory and operational requirements of the banking sector. This includes data classification, encryption, and key management (HSM, KMS).
Ensure the implementation of data loss prevention (DLP) solutions is adequate to mitigate the risk of unauthorized access, leakage, or alteration of critical data.
Ensure data access controls that are implemented follow security policies and standards, and regulatory requirements.
 

5.    Collaboration and Support

Work closely with cross-functional teams such as IT infrastructure, DevOps and Risk management including technology and business stakeholders, to ensure that security requirements are incorporated into system designs and day-to-day operations.
Ensure security training and awareness is provided within the bank to foster a culture of vigilance and proactive security.
Pro-active self-starter demonstrates initiative and works independently with minimum supervision.
Able to work independently and in a collaborative environment.

Education

• Bachelor’s Degree in Computer Science, Information Technology or equivalent.
• Minimum of 5-7+ years of experience in Information Security, Governance or Risk Management.
  Professional Certifications: CISSP, CISM, CISA, Cloud or equivalent (preferred).
• Experience in the financial services sector is highly desirable, with a strong understanding of the banking regulatory environment.

Requirements

·         Minimum of 5-7 years of experience in cybersecurity domain, with a focus on securing enterprise information systems, network security or cloud security.

·         Experience in the financial services sector is highly desirable, with a strong understanding of the banking regulatory environment.

·         Proficiency with security tools: IPS, VPN, Proxy, AV, EDR, vulnerability management.

Technical Skills

·         Hands-on experience such as network security, endpoint, EDR and data encryption.

·         Strong understanding of SIEM, network security, incident response, and threat detection and response.

·         Knowledge of software development lifecycle (SDLC), DevOps and integration with security assessment “Shift Left” is preferred.

Soft Skills

·         Analytical mindset with the ability to identify complex security challenges and devise effective solutions.

·         Effective communication skills, capable of engaging both technical and non-technical stakeholders in a clear and concise manner.

·         Meticulous, with a proactive approach to identifying and mitigating potential security risks.

·         Ability to work independently as well as part of a collaborative, cross-functional team.