DBS Bank

VP/AVP, Cybersecurity Governance & Compliance Lead, Group Technology

DBS Bank · Singapore, Singapore, Singapore

Banking · 10,001+ employees

8 h ago
Remote Senior (5-10 yrs) Full-time Singapore
Log in to apply, save this posting, or score it against your profile with AI.

About the role

Lead the delivery and implementation of cybersecurity risk management and compliance programs to ensure technology assets meet regulatory standards. Monitor cybersecurity risks, manage the risk register, and coordinate with stakeholders to remediate identified gaps.

What they look for

Cybersecurity Governance Compliance Management Risk Assessment ISO27000 Regulatory Reporting Security Metrics Vulnerability Management Penetration Testing IDS/IPS Log Analysis VPN Forensics Policy Development Audit Coordination Information Security Frameworks Risk Remediation

Requirements

Requires an information security professional with 5 or more years of experience, preferably in financial or technology sectors. Must possess knowledge of ISO27000, the Cybersecurity Act, and various security technology solutions.

Full description

Business Function

Group Technology enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group Technology, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.

About the role

The candidate will be responsible for supporting the delivery and implementation of the Bank’s cybersecurity risk management and compliance programmes, helping to ensure that the Bank’s technology and information assets comply with relevant cybersecurity regulations.

The candidate will work with key stakeholders to monitor and implement practices aligned with the Bank’s cybersecurity risk management policies and standards, and to ensure that identified cybersecurity risks are evaluated, addressed and remediated appropriately.

The candidate will also assist in the updating and reporting of metrics on the Bank’s cybersecurity compliance posture to the Management. This includes:

  • Working with key stakeholders and counterparts within the Bank to ensure compliance against key cyber and information security legislations and regulations
  • Identifying, analyzing, evaluating and treating cybersecurity risks posed to the Bank’s technology and information assets to an acceptable level

Responsibilities

Legislation, regulations and policies

  • Assist in the Bank’s cybersecurity program, including cybersecuity policies, regulatory audits, compliance management, metrics, risk and performance indicators, and reporting to senior management;
  • Track and monitor new security regulatory guidelines, and assess the compliance of and impact to the Bank’s security policy architecture
  • Work with regional information security services teams in the core markets to monitor new cybersecurity legislation and/ or regulation and assess the impact against the Bank’s security policy architecture
  • Develop, review and update information security policies and standards to comply against regulatory requirements

Cybersecurity risk and compliance

  • Conduct cybersecurity risk assessments by identifying, analyzing, evaluating and treating cybersecurity risks to an acceptable level within the Bank
  • Timely coordination and completion of the Bank’s Risk and Compliance program in the identification and assessment of risk
  • Monitor cybersecurity risks, map risk profiles and manage the risk register, as well as enhance Key Risk Indicators for reporting to second line of defense and risk management committees
  • Continuously evaluate cybersecurity controls to ensure their effectiveness, compliance and adherence to policies and standards, while driving remediation efforts
  • Engage Line of Business Technology units to conduct annual cybersecurity risk assessment for key bank systems against regulatory requirements
  • Ensure timely implementation of corporate operational risk policies and standards within the Unit and assist operations teams to identify, report and address any gaps
  • Assess the security deviations and risk acceptances raised by Business Units / Support Units
  • Engage and liaise with auditors and the information security services teams for cybersecurity related audits.

Requirements

  • Information security professional with five (5) or more years of experience, with a background in a financial or technology environment would be preferred.
  • Experience in collation, management and reporting of security metrics such as open security vulnerabilities, penetration testing findings, security alerts and incidents, etc.
  • Experience in information security framework such as ISO27000 framework.
  • Experience and knowledge in regulations such as Cybersecurity Act, Cybersecurity Code of Practice, Technology Risk Management Guidelines and Personal Data Protection Act.
  • Experience in the management of Critical Information Infrastructure systems for compliance against the Cybersecurity Act will be beneficial.
  • Good working knowledge of enterprise security risk management methods and techniques to successfully deliver the security risk management and assessment outcome.
  • Strong background on security technology solutions including IDS, IPS, anti-virus, content filtering, secure email solutions, network sniffing, log analysis, forensics, and VPN.
  • Good verbal and written communication for the generation of security awareness content.
  • Proactive, analytical, performance-oriented, and independent worker with strong organization skills, and effectiveness to track and follow up on the assigned projects.

Location:

DBS Asia Hub

Job:

Technology

Schedule:

Regular

Employee Status:

Full time