Security Consulting and Risk Officer

Job Summary

Responsible for securing data, network, and applications in system development or system

implementations. Perform threat modeling, business and technical process analysis, application

security and architecture reviews to evaluate, identify vulnerabilities and enforce security

controls in IT and application systems. Ensures coordination of penetration testing support and

vulnerability validation scans of systems project.

Specific Duties & Responsibilities

• Work closely with cross-functional teams - ITG Infrastructure team, ITG DevOps team,

Developers, Solutions and Enterprise Architects, Technical Project Managers, Delivery

Managers and Project Proponents.

• Helps to improve the security health of the application systems, information processing

facilities and connected services of the bank by:

Providing security consulting services on information security related matters for on

premise and cloud-based project implementations and deployments.

Serves as project security technical point of contact for system development as it relates

to automation, continuous integration/continuous deployment activities and

products/services being developed and deployed across the full application development

life cycle.

Ensure enforcement of security requirements across all new application systems and API

deployments.

Performs threat modeling and business/technical process analysis to identify

vulnerabilities/weaknesses on processes and technology implementations thru a

documented analysis and assessment report.

Standardize the technical, functional and administrative security requirements covering

areas of application system, technical design and architecture.

Ensures that the security requirements align with the business objective of the application

systems to be implemented.

Provides consulting on technical designs and solutions to address infrastructure security

and application security related weaknesses.

Collaborate with relevant stakeholders to implement security improvements.

• Collaborate with the appropriate subject matter expert in Security Architecture and

Innovation Department in reviewing security architecture and addressing architecture

concerns in a project.

• Ensures that source code reviews are performed and validated across all platforms and

frameworks.

• Coordinates application vulnerability scanning and penetration testing remediation activities

with ITG developers.

• Assist with vulnerability prioritization and provide guidance on resolution.

• Ensures that standard security requirements are kept updated.

• Maintains an expert knowledge in the field of Information Security and the related issues,

systems, processes, products, and services. Stay current with best security practices.

• Collaborates with other ITG Servicing units and application teams to harden its operating

systems and application systems to better protect user data when implemented.

• Proactively works with the Department Head in implementing programs for the continuous

improvement of the bank's information security posture.

• Perform other information security governance, risk and compliance related duties and

responsibilities as directed by the Department Head.

Job Specifications

• Graduate of any college degree in Computer Science or Information Security, or related

technical field of expertise.

• General understanding of regulatory compliance and how it relates to application security

and privacy.

• Certification training may include is CISA, CISM, SANS GIAC, CISSP, PCI-DSS, etc.)

• Understanding of network and application security risks and how to address them.

• History of designing, developing, or customizing application systems a plus.

• Extensive and deep technical knowledge/understanding of system development, typically

ranging from front-end user interfaces all the way to the back-end systems of both on

premise and cloud deployment.

• Working knowledge of on premise and cloud architectures.

• Strong familiarity with web protocols and web services, networking concepts and

encryption.

• Understanding of Microsoft, Linux/Unix security architecture.

• Strong attention to detail, analytical, and problem-solving skills. Thinking logically and

intuitively; strong learning agility with the ability to learn new processes/patterns

• Result-orientated in terms of disposition for corrective action and security remediation.

• Have good teamwork and collaboration skills, a good team player with the ability to lead.

• Good written and verbal communication skills: to effectively articulate and explain complex

security topics in simple language and easy to understand concepts.

• Possess excellent time management skills, thrive in a fast paced demanding environment

• Be a self-managed, self-starter with good organizational skills to include good follow-up

skills

• Knowledge in using MS office tools such as PowerPoint, word, excel and project