Job Detail

Business Information Security Officer

SG

Job Description

The Singapore Business Information Security Officer (BISO) is accountable for all IS activities including but not limited to oversight the IS Risk Management to the Franchise and its processes and support ASL where needed. The BISO will support & work closely with Business, Operations & Technology teams, and the overall ISO community to oversee and monitor adherence with ASL IS Policy and Standards, manage risk and provide Business advise on Information Security.

Key Responsibilities

Focuses on Key BISO activities:

  • Ensure IS Risk assessments (ISRA) is conducted for Projects, Applications, and Third-Party Outsourcing arrangements in accordance to ASL Standards by partnering with Technology and the Business and determines the impact of control deficiencies.
  • Participate in industry forums and stay close to evolving regulations (MAS, CSA, FS-ISAC etc.) to provide subject matter expert feedback. And ensure new and updated information and cyber security regulations are assessed for impact in a timely manner by partnering within ISO community, Technology and Business.
  • Assists in the definition and implementation of IS standards at the business level to ensure that procedures and practices comply with ASL standards.
  • Develops corrective action for all IS-related gaps and approves all closures by reviewing evidence to ensure the closure meets ASL requirements or industry best practices.
  • Collaborates to create Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) in the appropriate tools.
  • Support business on IS matters during audit reviews and regulatory inspections.
  • Helps security incident response teams resolve and close the investigation of incidents with proactive suggestions.
  • Validate third party issues and ensure management’s awareness of the risk involved (TPISA)
  • Provide information and cyber security awareness training.
  • Provides periodic IS risk management reports in business language and to business, highlighting key issues and corrective action plans.
  • Lead the country Cyber exercise engagement along with the Cyber Exercise team and country business Subject Matter Experts (SME).
  • Ensures oversight and compliance to the IS program within the business, including programs, policies, and related reporting.

 

Acts as a Business Partner

  • Communicates and interacts regularly with employees and business management on IS related programs, policies, and standards.
  • Communicates with the ISOs and business managers; escalates as appropriate.
  • Actively support and manage any regulatory engagement and other seniors, working in conjunction and advise of the global and regional teams.
  • Provides general IS consulting services including interpretation and/or clarification.
  • Participates in the IS community on committees and cross-business / functional opportunities.
  • Enforces compliance; demonstrates extensive understanding of IS standards and best practices across multiple disciplines.
  • Engages a Technical Information Security Officer (TISO), SME or another senior ISO where additional technical and/or Subject Matter knowledge is required.
  • Educates and advises the business on safe IS practices and current, changing, and/or recommended IS requirements.
  • Plans and executes the IS strategy.
  • Articulates the value of IS controls and its bottom-line impact.
  • Partners with business coordinators in other disciplines, e.g., Business Continuity Management (BCM), Records Management, Fraud Management, etc.
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies
  • Work with the regulator, Association of Banks, Compliance, and other Financial Institutions as needed.
  • Support business to address instances of non-compliance in business processes/procedures, applications, and outsourcing.
  • Integrates IS in the day-to-day operations and culture of the business.
  • Exercises oversight of the IS programs within the business, including programs, policies, and related reporting.

 

Builds and maintains supportive networks with key stakeholders and colleagues

  • Communicates and interacts regularly with employees.
  • Leverages the ISO network to pool resources, seek out best practices, and create efficiencies.
  • Participates in the IS community on committees and cross-business/functional opportunities.
  • Partners with application manager or TISO as needed to address specific technical needs or requirements.
  • Participate and where needed lead regional IS initiatives.
  • Assist business units in preparation of Audit Risk and Reviews, by identifying deficiencies against Information Security Standards, construction of remediation plans and adherence to issue management standards by way of ensuring that Corrective Action Plans and Risk Acceptances are in place, including ad-hoc IS Risk related initiatives and projects.
  • Communicate regularly with the Regional and Group Information Security Officer to implement global and regional IS initiatives within the business.

Job Requirement

Other Requirements

  • Excellent consulting and problem-solving/analytical skills.
  • Advanced presentation skills and program management.
  • Good business communication skills.
  • Team-player, proactive, assertive, service-oriented and has good people-skills.
  • Proven ability to manage multiple tasks and priorities.
  • Ability to manage tight time frames and communicate effectively with peers and management.
  • Flexibility to adapt to changing demands and priorities.

Education Qualifications 

  • Bachelor’s Degree in Engineering or Computers or Equivalent. 
  • 10+ Years of Experience in years of Information security experience in areas of security governance, risk management, application security design, security project management or security operation.
  • Professional Certifications CISSP, CISM, CISA, SANS, Cloud (at least 2 and willingness to continuously upskill)

 

Required Capability: 

  • Good understanding of Information Security control areas such as Authentication/Authorization, Access Controls, Entitlement, Cryptography, Encryption, Network, Application/System Security, Key Management. Vulnerability Management (OWASP, SANs)
  • Knowledge of SDLC, Agile/Iterative, DevOps/DevSecOps and integration with security assessment is required.
  • Excellent IS/IT Program or Project Management
  • Excellent Written and Verbal communication skills.
  • Exhibit Strong Influencing/negotiating skills with attention to details.
  • Ability to multi-task, prioritize and work with minimum supervision. 
  • Strong problem solving/analytical skills.  
  • Proficient in MS Office – Excel, Word, PowerPoint and other collaboration tools. 
  • Pro-active self-starter, demonstrates initiative and works independently with minimum supervision.
Logo
View More Jobs
Singlife
About SinglifeSinglife is the region’s fastest scaling technology company that focuses on holistic financial well-being. Singlife is also the first independent life insurance company licensed by the Monetary Authority of Singapore since 1970. As a testament to the strength of Singlife's strong capital base and governance, it successfully acquired Zurich Life Singapore’s business portfolio and achieved more than SGD6.6 billion in life insurance coverage. Singlife is on a mission to change the way people look at growing their wealth and ensuring a financially-secured retirement. To attain this vision, Singlife builds itself as an efficient company seamlessly integrating cutting-edge technology capabilities via a swathe of consumer-centric products so as to enable our customers to live their best lives with complete protection.Our Mission- A connected financial experienceAt Singlife, our mission is to unlock the potential of money for you. We are building a connected financial experience by leveraging smart technologies to make insurance digital and mobile-first.What we OfferAccessibility- View policy information through your mobile device, tablet, or desktop.Affordability- Get better coverage at a much friendlier price.Convenience- Sign up online and get covered in minutes.Transparency- Customise coverage and policy features and receive real-time quotations.

Contact Us
Website
×

Full Name*
Email address*
Upload a different Resume (Your application will be submitted using this resume instead)
Choose a file
Only .pdf is allowed
HACKERBUCK AWARDED

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .