Information Security Controls Specialist

The Global Information Security (GIS) Governance Risk & Controls team in Asia Pacific oversees management of cybersecurity risk in the region. This includes holistic alignment of data security, technology, and innovation policies, controls, and processes to laws, rules, and regulations and driving risk-informed decision-making. The team is also responsible for representing the bank’s cybersecurity interests with local and regional industry partners and reducing overall exposure to cybercrime.

Position Description

Background: As a specialist in the GIS APAC GRC team, the Regulatory Assurance Analyst will be responsible for championing regulatory assurance program including definition and roll out of program related to information security. This will be achieved through rigorous analysis of regulatory requirements and a structured approach to compliance reviews. The Regulatory Assurance Analyst will drive proactive self-assessment of regulatory compliance in APAC. This will involve assessing regional laws, rules, regulations and industry standards impacting information security and ensuring the Bank’s compliance to these. Other key responsibilities include reviewing and remediating issues related to information security policy, standards, baselines, and exceptions that impact regulatory compliance. The role will ensure that policy, control, exception, and regulatory governance processes and relevant supporting evidence are ready for audit and regulatory inspection.

Key Responsibilities

• Develop and deliver the GIS Regulatory Assurance capability and program for the Bank
• Refine and manage the program for sustainability.
• Senior stakeholder engagements to roll out and address program requirements
• Coordinate with global/regional SMEs to deliver cyber assurance program
• Support cybersecurity LRR and policy/regulatory programs in the region
• Drive awareness on regulatory thematic areas based on analysis of regulatory requirements and drivers
• Support regulatory engagements and/or roll out of exam management initiatives

Key Requirements

• Experience working with regulators, risk forums or equivalent organizations with good understanding of policies and regulatory requirements
• Broad understanding of cybersecurity and data principles and management techniques
• A self-starter, team player with a strong people-influencing skillset
• Intellectual curiosity and a desire to learn new skills
• Knowledge of APAC laws, rules, and regulations impacting information security
• Excellent command of the English Language
• The ability to communicate and understand how to translate technical gaps into business risk
• BA/BS in Information Technology, Information Security, Computer Science, Cyber Security or related field, Advanced Degree desired.  Depending on work experience, experience may be considered in lieu of Degree
• 6-9 years of cyber security/risk/regulatory experience
• Certification desired but not required:  CISSP, CRISC, CISM

Location: Singapore