Application Security Engineer (Contract)

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and integrated financial regulator.

As central bank, MAS promotes sustained, non-inflationary economic growth through the conduct of monetary policy and close macroeconomic surveillance and analysis. It manages Singapore’s exchange rate, official foreign reserves, and liquidity in the banking sector.

As an integrated financial supervisor, MAS fosters a sound financial services sector through its prudential oversight of all financial institutions in Singapore – banks, insurers, capital market intermediaries, financial advisors, and stock exchanges. It is also responsible for well-functioning financial markets, sound conduct, and investor education.

MAS also works with the financial industry to promote Singapore as a dynamic international financial centre. It facilitates the development of infrastructure, adoption of technology, and upgrading of skills in the financial industry.

Join us now, if you have a genuine interest in making an impact to help shape Singapore’s economic and financial landscape.

[What you will be working on]

As an Application Security Engineer as part of the Supervision Platforms Division, you will play a crucial role in developing and maintaining a robust culture of technology and cybersecurity risk governance across our organisation.

This role offers an opportunity to make a significant impact on our organisation's ICT risk management and governance practices, and you will work with cross-functional teams to maintain the highest standards of cybersecurity and ICT compliance.

In this position, you will:

(i) Develop the culture of Tech risk governance and management across the organisation, and ensure proper accountability in the management, tracking and reporting of tech and cyber risks.

(ii) Provide subject matter advice to internal stakeholders on cyber security requirements that the Authority is required to comply with, including MAS’ internal policies and standards, as well as policies and standards from GovTech and Cyber Security Agency of Singapore.

(iii) Review and establish ICT policies and process controls and conduct compliance checks.

(iv) Support team lead and work with internal stakeholders to:

• Track and monitor tech projects and initiatives to meet compliance requirements.

• Track and monitor of Key Risk Indicators and Control Self-Assessment as part of Tech governance framework.

• Track and monitor incident reporting, including reviewing, monitoring, and reporting on the corrective measures and improvement areas.

• Participate in consultation and conduct gap analysis against new or revised requirements.

• Assess and seek waiver approvals for deviations and risk treatment strategies.

• Organise risk forums, including monitoring of action plans.

• Coordinate and facilitate IT / cyber security audits.

• Track remediation plans to address audit findings.

• Follow up on remediation actions, security and risk assessments with respective stakeholders and project and application managers.

(v) Recommend the re-engineering and streaming of processes to enhance effectiveness of controls implemented.

(vi) Present management reporting to stakeholders, with analysis of data and trends, and recommend next steps.

(vii) Enhance training and other materials in ICT risk management, document case studies and good practices.

[What we are looking for]

• At least 5 years of relevant experience in ICT cybersecurity, data security, audit management, governance, risk and compliance management.

• Relevant certifications in IT governance, IT audit, cyber or data security (e.g. CISSP, CISM, CISA, etc.) preferred.

• Ability to work with cross-functional, multi-disciplined team to operationalise monitor security policies and procedures.

• Knowledge of Instruction Manual 8 and CSA Cybersecurity Code of Practice preferred.

• Technical knowledge of security vulnerabilities, validation of remediations and risk assessments.

• Relevant experience in data visualisation and analytics.

• Experience in reporting and dashboard using JIRA is preferred.

• Strong analytical, reasoning and problem-solving skills, and meticulousness with an eye for detail.

• Good oral and written communication skills.

• Ability to work independently and taking ownership for project deliverables.

• Team player who is proactive and collaborative.

As part of the shortlisting process for this role, you may be required to complete a medical declaration and/or undergo further assessment.

This is a contract position until Dec 2029. All applicants will be notified on whether they are shortlisted or not within 4 weeks of the closing date of this job posting.