Security Consulting and Risk Officer

Job Summary:

 

  • Responsible for securing data, network, and applications in system development or system implementations
  • Performs threat modeling, business and technical process analysis, and application security and architecture reviews to evaluate systems, identify vulnerabilities, and enforce security controls in IT and application systems
  • Ensures coordination of penetration testing support and vulnerability validation scans for systems projects.

 

Role Exposure:

 

  • Work closely with cross-functional teams - ITG Infrastructure team, ITG DevOps team, Developers, Solutions and Enterprise Architects, Technical Project Managers, Delivery Managers and Project Proponents.
  • Helps to improve the security health of the application systems, information processing facilities and connected services of the bank by:
  • Providing security consulting services on information security-related matters for on-premise and cloud-based project implementations and deployments.
  • Serves as project security technical point of contact for system development as it relates to automation, continuous integration/continuous deployment activities and products/services being developed and deployed across the full application development life cycle
  • Ensure enforcement of security requirements across all new application systems and API deployments
  • Performs threat modeling and business/technical process analysis to identify vulnerabilities/weaknesses in processes and technology implementations through a documented analysis and assessment report
  • Standardize the technical, functional and administrative security requirements covering areas of application system, technical design and architecture.
  • Ensures that the security requirements align with the business objective of the application systems to be implemented
  • Provides consulting on technical designs and solutions to address infrastructure security and application security related weaknesses
  • Collaborate with relevant stakeholders to implement security improvements
  • Collaborate with the appropriate subject matter expert in the Security Architecture and Innovation Department in reviewing security architecture and addressing architecture concerns in a project
  • Ensures that source code reviews are performed and validated across all platforms and frameworks
  • Coordinates application vulnerability scanning and penetration testing remediation activities with ITG developers
  • Assist with vulnerability prioritization and provide guidance on resolution
  • Ensures that standard security requirements are kept updated
  • Maintains an expert knowledge in the field of Information Security and the related issues, systems, processes, products, and services
  • Stay current with best security practices
  • Collaborates with other ITG Servicing units and application teams to harden their operating systems and application systems to better protect user data when implemented
  • Proactively works with the Department Head in implementing programs for the continuous improvement of the bank’s information security posture
  • Perform other information security governance, risk and compliance related duties and responsibilities as directed by the Department Head.

 

Qualifications:

 

  • Graduate of any college degree program in Computer Science, Information Security, or a related technical field of expertise
  • General understanding of regulatory compliance and how it relates to application security and privacy
  • Certification training may include CISA, CISM, SANS GIAC, CISSP, PCI-DSS, etc.
  • Understanding of network and application security risks and how to address them
  • History of designing, developing, or customizing application systems a plus
  • Extensive and deep technical knowledge/understanding of system development, typically ranging from front-end user interfaces all the way to the back-end systems of both on-premise and cloud deployments.
  • Working knowledge of on-premise and cloud architectures
  • Strong familiarity with web protocols and web services, networking concepts and encryption
  • Understanding of Microsoft, Linux/Unix security architecture
  • Knowledgeable in using MS Office tools such as PowerPoint, Word, Excel and Project