| Role of Wealth Management Operational Security Engineer, being understood this role includes delegations from APAC WM CISO.
The incumbent will be responsible for managing and implementing technical access controls, privilege access management, data leakage prevention and other related technologies to ensure the confidentiality, integrity, and availability of our organization’s data and systems.
Responsibilities
Direct Responsibilities:
ü Technical Access Management / Privilege Access Management
o Manage and maintain technical/privilege access controls for production and development environments
o Ensure compliance with organizational technical access control security policies and procedures
o Collaborate with IT teams to implement least privilege access and resolve access-related non-compliance
o Review existing CyberArk password management policies and assess the effectiveness of the enforcement through password rotation
o Review technical access segregation between production and development environments with respective support teams
ü Data Leakage Prevention (DLP)
o Create, management and maintain DLP policies to detect and prevent data leaks
o Deploy and maintain DLP infrastructure
o Collaborate with IT teams to investigate and respond to data leak incidents
ü Identity and Access Management (IAM)
o Collaborate with IT teams to deploy and maintain data encryption solutions
o IAM team to ensure seamless integration with technical access management solutions
o Ensure compliance with organizational IAM policies and procedures
ü Data Encryption Deployment & Monitoring
o Collaborate with IT teams to deploy and maintain data encryption solutions
o Ensure compliance with organizational data encryption policies and procedures
ü Unstructured & Structured Data Discovery & Activity Monitoring
o Collaborate with IT teams to:
§ Deploy and maintain unstructured & structured data discovery and activity monitoring solution
§ Identify and classify sensitive data
§ Monitor and analyse restricted and sensitive database activities
§ Remediate any non-compliant finding reported
ü Infrastructure Vulnerability Management
o Responsible to identify, classify, prioritize and remediate vulnerabilities in organization infrastructure.
o Ensure the regular coverage of infrastructure assets in vulnerability assessment by service providers
o Collaborate with IT Dev and Prod teams to remediate identified vulnerabilities and ensure that all remediation efforts are tracked and documented.
o Provide regular reports to management on vulnerability management activities, including identified vulnerabilities, remediation efforts and compliance status.
o Collaborate with IT teams, management and other stakeholders to ensure that vulnerability management efforts are aligned with business objectives.
o Ensure that vulnerability assessment tools such as Rapid7 Nexpose, Tanium, Qualys are configured to meet the expected quality assessment and by fine-tuning the vulnerability assessment plugins.
ü Application Security
o Ensure the effective implementation of Secure SDL including the DevSecOps and Threat modelling practices.
o Identify and implement the latest security standards for internet facing and internal assets
o Improve the Vulnerability Management at the application level in terms of efficiency as well as effectiveness (including Static Acceptance Security Testing – SAST, Dynamic Acceptance Security Testing – DAST and Software Composition Analysis – SCA).
o Perform Security risk assessments and reviews to be presented to respective committees
o Ensure the adequate security level for all WM GAIM applications, whatever the IT project manager’s location and hosting provider
ü Cybersecurity
o Ensure the protection of WM business data with an adequate security level of WM assets based on review processes
o Ensure the coordination with other IT security or other actors in the region or globally
o Assist for a Risk Treatment for any APAC WM issue, based on the processes
o Identify the IT security risks in advance, record and follow-up them
o Define and contribute to processes from cybersecurity perspective
o Periodic reporting of security status to IT Security Domain Head
o Ensure the regular reporting for management follow-up
o Ensure to follow-up on the DLP, Incident Management topics with by investigating and following with handlers until the issue is closed.
o Ensure to onboard the Assets & Applications in SIEM and handling BAU, create / update relevant documents.
ü Production Security
o Ensure the effectiveness and success of vulnerability management process
o Ensure the compliance level of the production environment and integrate to reporting
ü IT Security Compliance (delegation on WM APAC scope)
o Ensure the alignment with the Group and WM GAIM security policies, for both project and production assets
o Ensure the compliance with regulatory bodies requirements, including for APAC (HKMA, MAS), EU (GDPR), Switzerland (FINMA)
o Leveraging on a deep knowledge of Security standards such as NIST, CIS, ISO2700x, ensure the compliance with the IT security requirements
o Ensure the compliance with the Third-party Technology risks and the Cloud security
o Identify the process gaps and provide solutions
ü Coordination with IT Security actors
o Alignment on the objectives and means, contribution to the different global reporting (WM Cybersecurity Committee, Application Security Dashboard…)
o Coordination and control of security activities performed by APAC Business Information Security and Production Security teams, including production security review, user security awareness for the WM scope.
o Coordination with the global security teams concerning integration of WM assets within production sites
o Keeping abreast of initiatives by the IT Security community within the Group and other IT Security stakeholders within the Group |
