Information Security Manager

Eastspring is a global asset manager with Asia at its core. We create a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Eastspring a place where you can Connect, Grow and Succeed.

.

.

KEY RESPONSIBILITIES

• Conduct security-by-design reviews on new programs, initiatives, projects, Cloud services and technologies regionally (in-house development, Commercial Off-The-Shelf, SaaS), ensuring sufficient documentation for compliance / audit.
• Collaborate with Group and Regional information security teams, as well as business stakeholders, to ensure project implementation aligns with security controls in accordance with policies, standards, guidelines, and regulations.
• Take part in the security architecture blueprint and design review process for the Cloud hosted solutions.
• Ensure critical vulnerabilities are tracked and remediated prior to application go-live.
• Analyze, review, and approve non-standard software/technology implementations regionally.
• Perform ad-hoc and periodic reviews of Proxy/Network/Firewall requests, designs, and configurations in Eastspring.
• Provides advisory and consultation to business units, business owners, and project teams for any Cloud Security related matters.
• Create a culture of security-by-design awareness by conducting related training for LBUs and other relevant stakeholders.
• Create, maintain, and update relevant security policies, standards, and operating procedures for Eastspring.
• Support the team leader with any assigned security operation tasks related to Identity Access Management, endpoint security, network security, data protection, DLP, VAPT, security alerts, and incidents.

EXPERIENCE / QUALIFICATIONS

• Recognized degree in Computer Science or related Engineering fields.
• 5-7 years of demonstrated experience in reviewing and identifying gaps in architecture blueprints and designing controls, especially in the Cloud domain.
• Candidates with proven experience in financial services industry is preferred.
• Must be able to recommend mitigations to threat models based on threat vectors and exploits.
• Good knowledge and experience with regulations, including PDPA, MAS guidelines, and technology/cybersecurity regulations in other Asian countries (e.g., Thailand, Malaysia, Taiwan).
• Understanding of asset and/or wealth management businesses, including trade lifecycle and operational processes, is a plus.
• Certifications such as CISA, CISSP, and CCSP are encouraged and demonstrate continuous learning and application of standard methodologies.
• Ability to understand business requirements and security risks during security assessments and consultations.
• Understanding of the company's business direction from products, solutions, market, and technology perspectives in the Cloud domain.

Eastspring is an equal opportunity employer.  We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.