Business Function
Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and aspire to delight our business partners through our multiple banking delivery channels.
Role Synopsis
This role will be responsible for leading the 3rd party security governance operation that will oversee adherence to the established 3rd party service provider framework on behalf of the Bank, focused on effective management and oversight of the Bank's critical and important enterprise vendors and other 3rd parties. This role's primary goals are to:
Ensure the success and adherence to established outsourced service provider governance framework across the Bank through effective supplier management practices to ensure standardization, governance, and overall program effectiveness.
Establish a 3rd party governance framework that includes governance of important, non-outsourced 3rd parties, offsite development centres and secured facilities setup.
Leading candidates must be excited about working in a flexible environment, collaborating with business partners, and delivering high quality results in a fast-moving workplace.
Key Accountabilities
Establish and maintain 3rd party security governance requirements, framework, and standards.
Ensure strict compliance of 3rd parties in accordance with the established framework and standards.
Perform continuous governance and timely escalation/remediation of any issues identified.
Job Duties and Responsibilities
Evolve the way IT configurations, processes, and controls are assessed, monitored, and mitigated, both internally and at our outsourced service providers and key 3rd parties.
Ability to use analytical thinking and automation (scripting) to solve security, risk and control issues.
Identify, through automated means, security operations gaps, vulnerabilities, associated risks and mitigation strategies in our internal environment and in the environments of our outsourced service providers and important 3rd parties.
Liaise with internal and external auditors and regulators.
Experience
- Non-Technical Experience:
Good interpersonal and communication skills - spoken and written
Good planning and other project management skills, including strong organisation skills
Must be solutions oriented; ability to work with all levels of management and staff
Self-driven, passionate about hands-on learning on emerging technologies and their risks.
Self-starter, performance-oriented individual
Passionate about driving change through innovation
Experience in outsourced vendor management.
- Technical Experience:
IT professional with good understanding of technology platform and solutions;
Familiar with technical security solutions surrounding various technologies such as but not limited to: IDS, IPS, firewall management, anti-virus, content filtering, secure email solutions, network sniffing, log management & analysis, forensics, VPN, load balancing, routing, switching and network management
Experienced IS or risk professional with experience and exposure to Agile, DevOps, SRE and cloud technologies (preferred)
Prior experience in either banking, IT risk management, security-related or IT audit (preferred)
- Minimum no. of years: 6-10 years
- Education / Preferred Qualifications: Degree
- Professional Qualification: Professional memberships and security certifications would be considered favourably (e.g., CISA, CISSP, CISM, CCSP, etc.)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Cloud Security Professional (CCSP)
We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognizes your achievements.