Director - Business Information Security Officer
EISG | Singapore – Marina One
Eastspring Investments
Eastspring Investments, part of Prudential plc, is a global asset manager with Asia at its core, offering innovative investment solutions to meet the financial needs of clients. We create a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Eastspring a place where you can Connect, Grow and Succeed.
In this role, you will drive security, assurance, and compliance for technology at Prudential Singapore. As part of this dynamic role, you will report to Head, IT Governance, Security and Transformation and work closely with various functions within Technology, Risk Management and Business to establish, implement, operate, review and enhance the company’s security framework and processes to ensure compliance with all relevant regulatory requirements.
Job Profile Summary:
IT Security
· Lead the IT Security and Assurance team, providing leadership and overseeing compliance with relevant security frameworks and policies to ensure security controls are in place
· Direct the cyber security strategy, identify threat scenarios, quantify risks and work with stakeholders to ensure mitigation controls are applied
· Ensure information and technology assets are adequately protected
· Analyse and correlate information security events to identify appropriate event handling actions
· Monitor digital & cyber security footprint, overseeing all IT Operations and Infrastructure (alerts, logs, security surveillance)
· Lead security assessments and scanning, such as pentest and VA, and follow up with risk mitigation
· Define the reporting strategies and metrics for effective communication of PACS IT security program
· Recommend suitable enhancements to improve information security performance
· Evaluate new requests on cyber & IT security aspects to ensure they meet our security requirements and posture
IT Assurance
· Manage, monitor, and track IT risks, and ensure controls are implemented in a timely manner to mitigate the risks
· Proactively identify and escalate any risks to the Technology Risk Management
· Remediate gaps identified from the security metrics to ensure compliance with regulatory requirements and internal frameworks and policies
· Review and approve privileged ID withdrawal requests
· Review metrics of Incident, Change, Problem and Service Request to make sure that SLAs are met and drive improvements with Platform owners
· Manage internal, external and regulatory audit-related, IT-specific requests to ensure timely submission
· Communicate changes to policies e.g. Group Security changes that will impact IT
· Monitor Dispensations, pentest, and VA closure status
· Work with TRM to identify areas for CSA and complete them per the target timeline
· Review half-yearly user access reviews
----------------------------------------------------------------
Who we are looking for:
Technical Skills & work experience:
· 8 years or more of working experience, preferably in the Financial Services / Insurance industry. At least 3-5 years in a supervisory position is desirable
· Familiar with Singapore regulatory IT security requirements, for example: MAS TRM, Cyber Hygiene notice
· Bachelor’s Degree or diploma in IT / Computer Science / Computing or a related field
· The following certifications or similar would be beneficial:
- Certified Information Systems Security Professional (CISSP) issued by ISC2
- Certified Information Systems Auditor (CISA) issued by ISACA
- Certified Information Security Manager (CISM) issued by ISACA
- Global Information Assurance Certification (GIAC) issued by SANS
Personal Traits:
· Exceptional team player
· Strong communication skills & ability to engage senior stakeholders on strategic plans
· Ability to lead committees and provide timely status updates
· Excellent problem analysis skills. Innovative and creative in developing solutions
· Ability and willingness to be hands-on
· Strong attention to detail
· Ability to work independently
Eastspring is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.