Head, IT - Security, Risk & Compliance

Great Eastern Life
Singapore
SGD 90,000 - 150,000
Yesterday
Job description

Job Description - Head, IT - Security, Risk & Compliance (2500008P)

Job Number: 2500008P

Job Purpose

Lead the Group IT Security, Risk and Compliance team, oversee the IT and Cyber security initiatives and operations across the Great Eastern Group, and enable effective management of technology and IT operational risk and compliance in line with the GRC framework of Great Eastern.

The Job

  • Lead the Group IT Security, Risk and Compliance team and oversee the IT and Cyber security initiatives and operations across the Great Eastern Group.
  • Enable effective management of technology and IT operational risk and compliance in line with the GRC framework of Great Eastern.
  • Develop and deliver a Cyber Security Roadmap with a robust plan for continuous cybersecurity improvement, in compliance with regulation.
  • Establish the Group Technology Security Standards and associated guidelines.
  • Oversee the delivery of security operations and assurance reviews to Group IT, covering application security review, security testing, patch and vulnerability management, network & endpoint security review, and the security operations centre (SOC) for cyber security monitoring.
  • Conduct exercises to enhance detection and response capability against cybersecurity threats, such as purple/red teaming, cyber range, bug bounty, cyber drills and threat hunting.
  • Support the Business in carrying out 3rd party outsourcing security risk review.
  • Provide security updates and security risk metrics reporting to Senior Management and Board.
  • Develop and implement programs to promote awareness on good practices in IT security, risk and compliance.
  • Oversee the service level and performance of Managed security services provider (MSSP) in their delivery of security monitoring services.
  • Engage and manage relationships with local regulators and auditors in audits, inspection or matters concerning Group IT. Provide reporting of cyber incidents to regulators.
  • Be the key liaison and coordinator with GRM. Assume the role of Division Risk & Compliance officer (DRCO) for Group IT.
  • Monitor technology risk profile, such as reporting of key risk indicators and key metrics, analysing risk trends and recommending improvement.
  • Oversee technology risk management process, which includes IT risk acceptance process, maintain risk registers such as RCSA, IT outsourcing risks and Project Risk Assessment (PRA), monitor the action plan closure, and facilitate risk forums / committees, templates and tools.
  • Communicate and coordinate the implementation and execution of risk management policies and guidelines, programmes and activities in the division, such as RCSA, IT outsourcing risk assessment, fraud risk assessment, and annual GEH Assurance.
  • Ensure compliance at all times with the laws, regulations and guidelines applicable to the division, e.g. submit the Regulation Impact Assessment Matrix and Compliance self-assessment (CRSA) to GRM in a timely manner.
  • Manage the reporting of risk, compliance and data incidents in accordance with GRM and DPGO guidelines.
  • As part of the leadership team, work with key stakeholders to proactively shape the organisation’s culture and conduct environment that is aligned to the organization’s Core Values.
  • Champion culture and conduct behavioral expectations within the Department/Division.
  • Takes accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks.
  • Maintains awareness of industry trends on regulatory compliance, emerging threats and technologies in order to understand the risk and better safeguard the company.
  • Highlights any potential concerns/risks and proactively shares best risk management practices.

Our Requirements

  • Bachelor’s degree or Professional Degree in Computer Science / IT or equivalent.
  • At least 12 years of relevant experience managing and monitoring IT security, risk and compliance, including 5 years of managing security operations and teams. Currently holding a leadership position or having served in a similar capacity.
  • Experience in leading a team in terms of design and assessment of IT security solutions, preferably in a financial services environment.
  • Security industry certifications such as CISSP, CISM, SANS, GSEC, etc. are preferred.
  • Proven record of dealing with complex projects and meeting conflicting demands.
  • Ability to adapt to a fast-moving Cyber security landscape and keep pace with latest thinking and new security technologies.
  • Thrives on change, showing an impressive ability to drive the IT security strategy forward.
  • Forms business partnerships that help drive the IT security strategy forward.
  • In-depth understanding of TCP/IP protocol and OSI Seven Layer Model.
  • Expert technical knowledge of network security technologies (firewall, IPS/IDS, etc.).
  • Strong technical knowledge of Windows and/or Unix-based systems/architectures and related security.
  • Strong knowledge of security best practices and concepts.
  • Advanced knowledge of and hands-on experience with enterprise IT Security solutions.
  • Advanced level of knowledge of LAN / WAN technologies.
  • Knowledge of VPN technologies.
  • Be able to articulate threats and risk to business and technology leaders.
  • Strong experience in Security monitoring, SIEM and Security Operations Centre (SOC).
  • Advanced knowledge of risk assessment design and delivery.
  • Detail oriented with strong organizational and prioritization skills.
  • Excellent communicator with strong influencing skill set and able to manage conflicts.
  • Team player who can lead brainstorming sessions with peers to solve problems and make decisions.
  • Self-driven to champion culture change management initiatives.
  • Strong analytical skills and a creative approach to problem solving.
  • Takes accountability for work and has a good attitude towards teamwork.
  • Demonstrates alignment with the organization’s core values through expected behaviors.
  • High level of integrity; takes accountability for work and has a good attitude towards teamwork.
  • Takes initiative to improve the current state of things and is adaptable to new changes.

About Great Eastern

Founded in 1908, Great Eastern is a well-established market leader and trusted brand in Singapore and Malaysia. With over S$100 billion in assets and more than 16 million policyholders, including 12.5 million from government schemes, it provides insurance solutions to customers through three successful distribution channels – a tied agency force, bancassurance, and financial advisory firm Great Eastern Financial Advisers. The Group also operates in Indonesia and Brunei.

The Great Eastern Life Assurance Company Limited and Great Eastern General Insurance Limited have been assigned the financial strength and counterparty credit ratings of "AA-" by S&P Global Ratings since 2010, one of the highest among Asian life insurance companies. Great Eastern's asset management subsidiary, Lion Global Investors Limited, is one of the leading asset management companies in Southeast Asia.

Great Eastern is a subsidiary of OCBC, the longest established Singapore bank, formed in 1932. It is the second largest financial services group in Southeast Asia by assets and one of the world’s most highly-rated banks, with an Aa1 rating from Moody’s and AA- by both Fitch and S&P. Recognised for its financial strength and stability, OCBC is consistently ranked among the World’s Top 50 Safest Banks by Global Finance and has been named Best Managed Bank in Singapore by The Asian Banker.

To all recruitment agencies: Great Eastern does not accept unsolicited agency resumes. Please do not forward resumes to our email or our employees. We will not be responsible for any fees related to unsolicited resumes.
