Security Consulting and Risk Officer

Responsible for securing data, network, and applications in system development or system implementations. Perform threat modeling, business and technical process analysis, application security and architecture reviews to evaluate, identify vulnerabilities and enforce security controls in IT and application systems. Ensures coordination of penetration testing support and vulnerability validation scans of systems projects.

Key Responsibilities:

● Work closely with cross-functional teams - ITG Infrastructure team, ITG DevOps team, Developers, Solutions and Enterprise Architects, Technical Project Managers, Delivery Managers and Project Proponents.

● Helps to improve the security health of the application systems, information processing

facilities and connected services of the bank by:

● Providing security consulting services on information security related matters for on premise and cloud-based project implementations and deployments.

● Serves as project security technical point of contact for system development as it relates to automation, continuous integration/continuous deployment activities and products/services being developed and deployed across the full application development life cycle.

● Ensure enforcement of security requirements across all new application systems and API deployments.

● Performs threat modeling and business/technical process analysis to identify vulnerabilities/weaknesses on processes and technology implementations thru a documented analysis and assessment report.

● Standardize the technical, functional and administrative security requirements covering areas of application system, technical design and architecture.

● Ensures that the security requirements align with the business objective of the application systems to be implemented.

● Provides consulting on technical designs and solutions to address infrastructure security and application security related weaknesses.

● Collaborate with relevant stakeholders to implement security improvements.

● Collaborate with the appropriate subject matter expert in Security Architecture and Innovation Department in reviewing security architecture and addressing architecture concerns in a project.

● Ensures that source code reviews are performed and validated across all platforms and frameworks.

● Coordinates application vulnerability scanning and penetration testing remediation activities with ITG developers.

● Assist with vulnerability prioritization and provide guidance on resolution.

● Ensures that standard security requirements are kept updated.

● Maintains an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services. Stay current with best security practices.

● Collaborates with other ITG Servicing units and application teams to harden its operating systems and application systems to better protect user data when implemented.

● Proactively works with the Department Head in implementing programs for the continuous improvement of the bank's information security posture.

● Perform other information security governance, risk and compliance related duties and responsibilities as directed by the Department Head.

Requirements

Qualifications

● Graduate of any college degree in Computer Science or Information Security, or related technical field of expertise.

● General understanding of regulatory compliance and how it relates to application security and privacy.

● Certification training may include CISA, CISM, SANS GIAC, CISSP, PCI-DSS, etc.)

● Understanding of network and application security risks and how to address them.

● History of designing, developing, or customizing application systems is a plus.

● Extensive and deep technical knowledge/understanding of system development, typically ranging from front-end user interfaces all the way to the back-end systems of both on premise and cloud deployment.

● Working knowledge of on premise and cloud architectures.

● Strong familiarity with web protocols and web services, networking concepts and encryption.

● Understanding of Microsoft, Linux/Unix security architecture.

● Strong attention to detail, analytical, and problem-solving skills. Thinking logically and intuitively; strong learning agility with the ability to learn new processes/patterns

● Result-orientated in terms of disposition for corrective action and security remediation.

● Have good teamwork and collaboration skills, a good team player with the ability to lead.

● Good written and verbal communication skills: to effectively articulate and explain complex security topics in simple language and easy to understand concepts.

● Possess excellent time management skills, thrive in a fast paced demanding environment

● Be a self-managed, self-starter with good organizational skills to include good follow-up skills

● Knowledge in using MS office tools such as PowerPoint, word, excel and project