Information and Cyber Security Engineer

Information and Cyber Security Engineer involved in performing IT Security Risk Assessment, Information Security Due diligence on Third Party, review of Tech Obsolescence Risk and supporting the businesses as the subject matter expert on all IT Security matters, to ensure risks are highlighted for business evaluation and decision making on a timely manner.

• Plan and conduct IT Security Risk Assessment on UOBAM's systems throughout the lifecycle covering different layers of technology architecture to identify possible security risks, advise and evaluate the mitigation controls and measure the residual risk.
• Manage third party IS Due diligence on UOBAM’s service suppliers, including on-site assessments when required.
• Involve in Tech Obsolescence Risk program and identify security risks resulted from obsolescence.
• Lead the targeted workstreams and support ad-hoc assignments as requested
• Collaborate closely with technology and business stakeholders to ensure security risks are identified, communicated, understood therefore an informed decision on risk can be made.
• As a trusted partner and subject matter expert, provide security advisory to technology and business teams.
• As the HQ function, guide and support IS teams of subsidiaries to ensure oversight and consistency on IT security risk management.
• Support the IT Security risk committees to ensure robust IT Security risk governance.
• Develop, maintain, and enhance the IT Security checklists and guidelines.
• Continuously focus, strategise and implement process improvements e.g., automation, workflow design and digitization for an effective and efficient IT Security risk management.
• Provide reporting and tracking of work deliverables.
• Keep up-to-date awareness of security trends covering both new threats and technologies to understand the evolving risk and better safeguard the organization.

• Bachelor’s degree in Computer science, Information Technology, or a related field is required.
• At least 5 years of experience in Information Security and risk related work preferable in large organization especially banking environment.
• Deep understanding of threat modeling and risk management principles and best practices, and able to explain it in a structured and easy-to-understand manner.
• Strong understanding of the Banking industry IS policy and standards, regulatory and industry trends, good practices in providing practical and appropriate recommendation, resolution, and remediation options to the businesses.
• Strong relationship building, stakeholder management, communication, presentation and influencing skills with both technical and non-technical staff
• Experience in managing senior business stakeholders
• Demonstrate the strong motivation and capabilities to drive initiatives and changes
• Proactive and strong team leader and player with minimal supervision
• Excellent analytical and problem-solving skills. Ability to simplify complex issues such as risk matters, workflows, and business processes, and develops effective solutions.
• Experience in industry standards and requirements such as ISO 27001, MAS TRM, NIST, CCM
• Industry certifications issued by organizations such as ISC2, ISACA, SANS, Microsoft, CISCO, AWS, etc.