Information Security Manager - DFS521863 in Singapore at DFS

Date Posted: 1/29/2018

Job Description

As DFS continues its Digital Transformation Journey, we are looking for a hands-on, highly technical Information Security Manager. Reporting to the CISO, this role plays an integral part in the development and implementation of information security tools and processes across the enterprise. This role is responsible for managing risks related to the confidentiality, integrity and availability of DFS information assets.

Key Responsibilities:
- Develop, maintain and implement security policies, standards and procedures.
- Participate in projects involving IT systems and provide sound technical advice to ensure Security by Design principles are adhered to. Ensure all identified information security risks are mitigated and requisite information security controls are implemented throughout the project lifecycle.
- Perform PCI-DSS Assessments and fulfil PCI-DSS obligations for current and new projects and systems.
- In conjunction with the IT infrastructure team, monitor, maintain and fine-tune existing network and security infrastructure, viz. Endpoint Security, Web Application Firewall (WAF), Next Generation Firewall (NGFW), Encryption, email and web gateways, file transfer platforms, Security Information and Event Management, etc.
- Conduct security & privacy audits or information security compliance reviews to monitor compliance against security policies, standards and requirements.
- Maintain a security risk register and remediation plans with relevant parties to achieve compliance with security requirements and mitigate identified risks to an acceptable level.
- Implement and conduct external and internal vulnerability scans, network penetration tests and application security tests as required.
- Coordinate and execute Information Security initiatives in line with the DFS security roadmap
- Work with the Security Operations Center and coordinate response to Information Security Incidents
- Support the Security Awareness Program with relevant DFS teams
- Conduct research to evaluate new and emerging technologies and maintain an up-to-date understanding of the latest threats, vulnerabilities, mitigations, industry best practices and regulations.
- Report on Security KPIs, vulnerabilities, non-compliance and other security exposures, including misuse of information assets.
- Other duties as assigned.

Key Requirements:
- Tertiary Education in Computer Science, MIS or related fields
- Minimum of 5+ years of progressive experience in computing and information security
- Experience should include security engineering, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing.
- CISSP, GIAC, CEH or other security certifications essential.
- Hands-on experience with security technologies such as NGFW, WAF, SIEM, Endpoint Security, Secure Web Gateway, Identity and Access Management (IAM), DLP, Cloud Access Security Broker (CASB), etc.
- Knowledge of industry best practices on Secure Software Development Life Cycle (SSDLC) such as OWASP, etc.
- Experience with information security and risk management frameworks and standards such as ISO 27001, COBIT, ITIL, etc.
- Extensive knowledge of Payment Card Industry Data Security Standard (PCI DSS)
- Experience in working with high-performance teams and an understanding of the dynamics of teamwork in an international Security Operations Centre (SOC) environment