Provide independent, strategic IT security and risk advisory to the Group CTO, Senior Management, Board and relevant committees to enable informed risk‑based decisions
Establish, maintain and enforce Group IT Security policies, standards, and frameworks, ensuring consistent adoption across Head Office and regional offices
Champion and cultivate a strong security and compliance culture across technology and business stakeholders
...
Audit: Drive audit readiness by acting as a point of contact for all internal and external IT security audits and regulatory reviews (including BNM, HKMA, and MAS), ensuring the bank demonstrates high maturity levels and audit readiness at all times. Drive the end-to-end audit lifecycle including PCI-DSS and PwC engagements by coordinating evidence collection, justifying control effectiveness, and tracking all findings to verified closure to minimize compliance risks.
Projects & Change: Enable strategic IT security integration by participating in IT and Business project meetings. Conduct security reviews, risk assessments, and review User Acceptance Testing (UAT) to ensure all deliverables meet necessary security requirements with proper sign-off before deployment.
Housekeeping: Ensure a timely deletion and housekeeping of resigned, dormant, or unused user IDs based on HR cessation notifications to minimize the attack surface.
...
Investigate incidents: Conduct preliminary incident investigations to gather relevant information, document findings, and ensure accurate reporting of security incidents
Promote workplace safety: Encourage adherence to safety protocols and best practices among team members
Provide security back up: Step in to fulfill security officer responsibilities as required
...
Perform event correlation and analysis to detect emerging threats and security anomalies.
Participate in cybersecurity incident response activities, including identification, containment, eradication, recovery, and post-incident reviews.
Conduct threat hunting activities to proactively identify malicious behaviors, attack techniques, and hidden threats within the environment. Support forensic investigations by collecting and analyzing logs, system artifacts, and security evidence.
...
Interfaces and collaborate with other teams for incident escalations and resolution
Work closely with SOC Head to better security operations and address identified deficiencies
Perform due diligence and in-depth analysis on escalated security alert from Level-1 analyst and escalate to respective team for further action in timely manner
...
Provide insights into areas of potential vulnerability and recommend corrective action.
Keep up to date with industry trends, regulatory changes and emerging cybersecurity threats.
Plan, execute and manage the risk-based audit assignments as per the Audit Plan to ensure the audit fulfil the approved audit objectives and audit scope and the standards as prescribed in the Audit Methodology.
...
Evaluate, implement, and manage security technologies and infrastructure, ensuring they are effective and up-to-date;
Evaluate and implement proper security tools (SIEM, IDMS, DLP, etc) in order to mitigate the weaknesses in manual security controls as well as to promote an effective and efficient administration;
Provide comprehensive support for business-critical and regulated (GxP) applications and systems, including but not limited to Pharma Empower and PerkinElmer Spectrum, ensuring controlled access, readiness for backup and restoration, and thorough support documentation.
Coordinate IT support for production equipment computerized systems and equipment (e.g., compression machine, inspection machine, PCs/SCADA/HMI etc.), prioritizing operational stability, managed change control, and prompt vendor engagement.
Ensure records for incidents, problems, and changes are accurately maintained, categorized, assessed for impact, approved, and supported with closure evidence in accordance with IT SOPs and organisational quality standards.
...
Monitor and respond to the team’s ticket queue, resolving routine operational issues and escalating complex problems as needed.
Operate systems that detect new devices connecting to manufacturing networks, working with site personnel to authorize, classify, and inventory devices.
Prepare and maintain asset inventory worksheets for manufacturing sites to assist with accurate identification and documentation of assets.
...
Prioritize and track remediation efforts for identified vulnerabilities, collaborating with relevant teams to ensure timely resolution.
Stay abreast of emerging threats, vulnerabilities, and attack techniques to enhance VAPT strategies.
Establish and maintain robust security governance frameworks, policies, standards, and procedures in alignment with industry best practices (e.g., ISO 27001, NIST, internal compliance requirements).
...
Prioritize and track remediation efforts for identified vulnerabilities, collaborating with relevant teams to ensure timely resolution.
Stay abreast of emerging threats, vulnerabilities, and attack techniques to enhance VAPT strategies.
Establish and maintain robust security governance frameworks, policies, standards, and procedures in alignment with industry best practices (e.g., ISO 27001, NIST, internal compliance requirements).
...