VP - Security Services & Data Protection
- Full-time
- Sub Division: Security & BCM
- Division: Group Risk Management
Job Description
Job Purpose:
To lead the development, implementation, management and assurance of group-wide cyber security to ensure that the bank's customer and sensitive data is adequately classified and protected.
Job Specific Accountabilities
Security Monitoring
- Ensure overall governance of operation, configuration, monitoring and implementation of log monitoring tool.
- Ensure the 24x7 SOC monitors the group enterprise log management and review solutions
- Review and provide guidance on developing and managing advanced predictive analytics and correlation rules in the group SIEM to detect cyber threats
- Plan and conduct various reviews, such as privileged account usage, reputation and brand monitoring
- Plan and run the security incident management program in coordination with cyber security best practice
- Ensure all critical infrastructure and applications logs are integrated with central SIEM
- Provide guidance on secure configuration of systems and services exposed to Internet sources as well as on all cloud related projects
- Serve as the SME on Linux and Windows platform security in AWS environments and guide the establishment of security settings and policies
- Identify risks and provide guidance regarding remediation of gaps to facilitate a hardened and sustainable cloud environment
Data protection
- Ensure a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection.
- Oversee data leakage prevention solution compliance across the group
- Ensure the development and review of data protection policies in compliance with best standards, practices and regulations
- Ensure the complete assessment of the data protection requirements globally and coordinate with group international security function.
- Lead the data leakage prevention program with DLP tools and a robust DLP management process.
- Support SLA monitoring and reporting for international locations
- Roll out Data Classification solution across the group
Anti-Phishing Reputation Monitoring
- Ensure incidents highlighted by the third-party monitoring service are reviewed and acted on in a timely manner.
- Highlight the incidents reviewed and escalated to management on a periodic basis.
- Liaise with multiple teams during critical incident detection and act swiftly, following the established process, to resolve the incident within its SLA.
- Eliminate false positives highlighted by the tools prior to raising them as incidents and ensure all due diligence is done.
- Liaise with the marketing communication team for an impact assessment on brand reputation.
Continuous Improvement
- Lead the identification of opportunities for continuous improvement and sustainability of systems, processes and practices considering global standards, productivity improvement and cost reduction.
Reporting
- Ensure that all department reports are prepared in a timely and accurate manner and meet Group requirements, policies and quality standards.
Qualifications
Minimum Qualification
- Should have a Degree or Master’s Degree in computer science or equivalent in a related domain
- A certification such as CISSP, CIPP/E or CISA is a must
- Good understanding of SIEM tools like ArcSight, with a minimum of 5 years' hands-on experience with SIEM tools.
- Possess good Project Management skills
- Highly developed communication skills, both verbal and written
Minimum Experience
- 10 years’ relevant experience in the banking/financial sector with at least 3 years in similar positions of progressively increasing managerial responsibilities in the Information Security function.
- Scripting knowledge in creating correlation rules and connectors
- Managing a Security Operations Center (SOC) and alerts, and eliminating false positives