Overview
Technology Information Security Office (TISO)
Description
The Cyber Quality & Prevention team serves as an independent function that performs deep dives and thematic reviews of TISO functions’ compliance with policies, standards, guidelines, procedures, etc., to assess the existence and effectiveness of existing controls.
Roles and Responsibilities:
- Determine the theme and scope of review to be performed.
- Communicate the area of review and support the team in identifying existing risks and gaps.
- Engage external consultants to perform reviews where required.
- Validate the control design effectiveness of completed CDR capabilities.
- Identify the existence of compensating controls for identified risks.
- Perform deep-dive investigations into identified issues to identify the facts and determine the root cause.
- Present assessment results to management and relevant stakeholders, ensuring clear communication of risks and necessary actions.
- Recommend remediation and mitigation strategies based on identified risks, while providing technical expertise and guidance where required.
- Verify that remediation plans and security postures are implemented as stated.
- Monitor the implementation of audit recommendations and corrective actions.
- Support the creation of remediation plans and track progress of remediation.
- Ensure that all analyses from reviews form part of the feedback support loop to aid in future roadmap developments and maintenance of TISO procedures.
- Stay updated on industry trends, emerging threats, and new technologies.
Qualifications
Requirements:
- Experience: Minimum of 4-6 years of (preferably) hands-on experience in penetration testing for web applications, mobile applications, and APIs, with a proven track record in red teaming and script development.
- Educational Background: Bachelor’s degree in Computer Science, Computer Engineering, Information Security, or a related field, or equivalent practical experience.
- Information Security Knowledge: Strong understanding of all aspects of information security, including network security, application security, and threat modelling.
- Understanding of Cybersecurity Principles: Knowledge of security protocols, risk management, and compliance standards (e.g., NIST, ISO 27001).
- Regulatory Familiarity: Knowledge of MAS TRMG and other relevant regulatory and industry standards, such as ISO 27001, NIST, or OWASP guidelines.
- Communication Skills: Excellent verbal and written communication skills, with the ability to articulate technical concepts to both technical and non-technical stakeholders. Proven ability to work independently as well as collaboratively within a team.
- Certifications: Relevant certifications from recognized organizations such as GIAC, Offensive Security, or CREST are required. Additional certifications like CEH (Certified Ethical Hacker) or OSCP (Offensive Security Certified Professional) are a plus.
- Technical Proficiency: Preferably hands-on experience with penetration testing tools and frameworks, including Kali Linux, Burp Suite, Tenable, Metasploit, and secure code review tools.
- Scripting Skills: Proficiency in scripting languages (e.g., Python, Bash, PowerShell) for automation of testing processes and tool development.
- Vulnerability Assessment: Experience in conducting vulnerability assessments and security audits, with the ability to analyse and report findings effectively.
- Team Collaboration: Experience working in teams and collaborating with other IT staff and departments.
Primary Location: Singapore
Job: Information Technology
Organization: Technology Information Security Office (TISO)
Schedule: Permanent
Job Posting: 04-Mar-2025, 4:54:51 AM
About OCBC Bank
OCBC is the longest established Singapore bank, formed in 1932 from the merger of three local banks, the oldest of which was founded in 1912. It is now the second largest financial services group in Southeast Asia by assets and one of the world’s most highly-rated banks, with an Aa1 rating from Moody’s. Recognised for its financial strength and stability, OCBC is consistently ranked among the World’s Top 50 Safest Banks by Global Finance and has been named Best Managed Bank in Singapore by The Asian Banker.
OCBC and its subsidiaries offer a broad array of commercial banking, specialist financial and wealth management services, ranging from consumer, corporate, investment, private and transaction banking to treasury, insurance, asset management and stockbroking services.
OCBC’s key markets are Singapore, Malaysia, Indonesia and Greater China. It has more than 570 branches and representative offices in 19 countries and regions. These include about 300 branches and offices in Indonesia under subsidiary Bank OCBC NISP, and over 90 branches and offices in Mainland China, Hong Kong SAR and Macau SAR under OCBC Wing Hang.
OCBC’s private banking services are provided by its wholly-owned subsidiary Bank of Singapore, which operates on a unique open-architecture product platform to source for the best-in-class products to meet its clients’ goals.
OCBC's insurance subsidiary, Great Eastern Holdings, is the oldest and most established life insurance group in Singapore and Malaysia. Its asset management subsidiary, Lion Global Investors, is one of the largest private sector asset management companies in Southeast Asia.