Information Security Officer

The Information Security Officer (ISO) role is to support and be accountable for all IS activities including but not limited to oversight of the IS Risk Management to the Franchise and its processes and support ASL where needed. The ISO function will support & work closely with Business, Operations & Technology teams, and the overall ISO community to oversee and monitor adherence with Singlife IS Policy and Standards, manage risk and provide Business advise on Information Security. Demonstrate understanding of cloud, mobile, application and infrastructure security and will exercise sound judgement within existing practices and policies.

• Perform Information Business Impact assessments and Security Risk Assessments on business applications throughout development lifecycle for SDLC/Agile/Iterative Lifecycle.
• Report Information Security issues/gaps with appropriate recommendations to mitigate and/or remediate the risk as well as assist IT with corrective action plans. Provide subject matter expertise in application development lifecycle to assess security requirements, controls and ensure that security controls are implemented and planned.
• Promote awareness of information security policies, standards and best practices. Also, as a program manager, manage information security assessments operational KPI/KRIs.
• Drive improvement to Information Security process, standards and policies.
• Interface with Risk, Internal Audit, external Audit, Regulator and/or provide timely support during audits.
• Establish and maintain relationships with domain architects, project managers and IT SMEs.
• Demonstrate good understanding of Singapore regulatory framework and local laws on information security, technology risk, data protection.
• Perform independent assessments of the technical security controls implemented within the system to determine the overall effectiveness of the controls.

• Good understanding of Information Security control areas such as Authentication/Authorization, Access Controls, Entitlement, Cryptography, Encryption, Network, Application/System Security, Key Management. Vulnerability Management (OWASP, SANs)
• Excellent Written and Verbal communication skills. Exhibit Strong Influencing/negotiating skills with attention to details.
• Ability to work independently and as part of a team.

• Bachelor’s degree in information technology, computer science, or a related field.
• 2 Years of Experience in Information Security, Audit or Risk Management Function.