Regional Head, Information Security - Singapore - First Abu Dhabi Bank P.j.s.c. Singapore Branch

    First Abu Dhabi Bank P.j.s.c. Singapore Branch

    $180,000 - $250,000 per year
    Description

    JOB PURPOSE:
    The Regional Security Head (RSH) will be responsible for managing the FAB's Information Security Program at the regional level.

    The Regional Security Head will report to the Head of International Security and shall be responsible for planning, implementing, monitoring, and reviewing the information security program in consultation with the Group Security Office - Head Office team.

    The RSH shall ensure the information security program is in alignment with the regulatory, legal, and statutory requirements of the region and the business strategy.

    The Regional Security Head role will operate out of the FAB regional office and will require travel within the region while fulfilling the responsibilities.

    The Information Security Officer (ISO) will be responsible for managing the FAB's Information Security and Data Privacy Program for Singapore.

    He/She serves as the process owner of the appropriate second-line functional activities related to confidentiality, integrity, availability, privacy and recovery of information owned or processed by the business unit in compliance with regulatory requirements.


    KEY ACCOUNTABILITIES:
    Review and Maintain Security Policies, Standards, and Procedures pertaining to the regional locations.

    Participate in discussion and coordinate activities between local business units, support functions, Compliance Team, IT and GSO - HO for information security, planning, implementations, and review.
    Ensure information security compliance as per regulatory requirements (MAS-SNG, BNM, HKMA Standards, GDPR, PCI DSS and any other).
    Update International Location Executive management regarding information security initiatives, major risk, threats, attacks, and incidents.

    Review new regulatory legislation, promptly communicate all regulatory notices/circulars to all concerned areas, provide interpretations if necessary, and develop/monitor action plans towards its implementation.

    Assist Head Office during Regulatory Examinations and ensure implementation/regularization of observations linked to compliance while meeting the deadline(s).
    Review Technology Risk Assessments, RCSA and Third-party Risk assessments.

    Assist and support Internal and External Audits. Monitor and track all open issues with IT/IS and concerned international SPOCs for regional locations.
    Oversee the tracking and closure of related findings.
    Govern the security awareness program for respective regional staff.
    Provide support to FAB CSIRT for information security incident and data breach handling.

    Coordinate with International Business units / Fraud Risk / GSO for digital forensic investigation.
    Review and assess the regulatory compliance circulars/notices, discuss with GSO - HO and enforce security controls as applicable.

    Assist Group Security - Head Office team in vulnerability assessment and penetration testing.

    Review Management Dashboards/Security MIS related to Patching, VA, PT, Baselines, and end point security controls.
    Assess and Review Change Requests and Security Exceptions pertaining to regional IT services.

    Review BRDs, Solution Design, Concept Design and any other requirements from regional business units and local IT teams.
    Review and track compliance for Data Privacy and Protection controls.
    Review KPIs and KRIs for regional information security processes.

    Perform the role of 2nd line of defence oversight over Technology, Data Privacy, Business Continuity Management and Vendor Management functions.

    Perform the role of GSO SPOC for the Singapore Branch.


    QUALIFICATIONS & EXPERIENCE:
    Information Security or IT Security or IS Audit background.
    Must have a minimum of 10 years of Information Security experience.
    Expert knowledge of Information Security Domains and should be certified (CISA, CISSP or CISM or any other relevant security certification).
    Experience in a similar type of role in a multinational business and dealing with regulatory authorities, governments, and industry bodies.
    Experience in managing international security or regional security teams.
    Ability to make good judgments regarding security risk and to prioritize resources and activity around managing those risks.
    Able to conduct the role independently and with integrity.
    Ability to plan, organize and prioritize tasks and projects.
    Good personal communication skills, capable of dealing with a wide range of stakeholders, including senior management.
    Fluent in English.

    Skills:
    Information Security, International Security, Regulatory Compliance, Investigation, Business Strategy, PCI DSS, Penetration Testing, Vendor Management, Audits, Business Continuity Management, CISA, Regulatory Requirements, Vulnerability Assessment, Audit, Security Awareness, CISSP


    Experience:
    Years
