Assistant Information Security Manager

About FWD Group

FWD Group is a pan-Asian life and health insurance business with more than 12 million customers across 10 markets, including some of the fastest-growing insurance markets in the world. The company was established in 2013 and is focused on changing the way people feel about insurance. FWD’s customer-led and digitally enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience.

For more information, please visit www.fwd.com

In Singapore, FWD aims to change the way people feel about insurance by leveraging technology to deliver products and services that are relevant, easy to understand and always convenient for our customers. To this end, we have a direct-to-consumer (DTC) platform that allows customers to buy their preferred life and general insurance products directly from our website; as well as a network of preferred Financial Advisory (FA) firms for customers who want to speak with an advisor before committing to an insurance plan. Whatever their preference, we believe insurance should be simple, reliable and convenient.

If you are looking for a career where you can create a real impact and celebrate living, we invite you to join us on our exciting journey.

PURPOSE

Minimize and mitigate the risk and protect the organization’s information against a variety of cyberthreats (cyberattacks; theft or corruption from within; etc.), in line with FWD’s risk enterprise risk management framework.

KEY ACCOUNTABILITIES

• Works with IT teams and business functions to make sure that security tools and monitoring applications are compliant with security standards.
• Ensure IT operations and activities comply with Information Security standards set by FWD Group and regulatory standards as required by the Monetary Authority of Singapore (MAS).
• Analyze periodic vulnerability scan reports and collaborate with IT and business stakeholders to remediate identified vulnerabilities promptly. Monitor security patches, updates, exceptions and ensuring timely application across the organization’s systems.
• Analyze hardening configuration reports and collaborate with different stakeholders to remediate identified gaps. Monitor compliance and track exceptions as needed.
• Review and analyze data generated from other Information Security tools and follow-up for remediation action.
• Investigate security alerts and incidents, analyze root causes, and track corrective actions to closure.
• Assist in developing and enforcing security policies, standards, and guidelines.
• Analyze and collaborate with different stakeholders ensure security metric data is complete and accurate.
• Perform periodic Information Security controls as per FWD policies and regulatory compliance bodies (such as hardening configuration review, log reviews, user access review, etc.)     
• Collaborate with Group Information Security Team on the various Information Security projects initiatives.
• Collaborate with business functions to ensure employees are aware & trained about cybersecurity issues & practices. Other Information Security tasks as required.

QUALIFICATIONS / EXPERIENCE

• Diploma or Degree in IT, Computer Science or equivalent
• At least 5 years experience
• Relevant certifications (e.g., CC, CISSP, CISM, CEH) or strong desire to obtain those certifications are advantageous.

KNOWLEDGE, SKILLS & ABILITY

• Strong analytical skills, attention to detail, and problem-solving abilities.
• Technical skills and hands-on experience with Information Security related solutions considered an asset.
• Good understanding of Cyber Security, IT networking, Windows OS, technical troubleshooting, and problem solving.
• Awareness and understanding of common exploits and vulnerabilities, system hardening and cloud architecture.
• Good communication and analytical skills.
• Sound knowledge of Information Security management frameworks and guidelines such as NIST, ISO 27001, CIS baselines & best practices.