The ETS Asia Control Integrity team is the security control and governance team under the ETS Asia Umbrella. The team performs security assessments for new technologies and new projects, in addition to performing an assurance function to ensure ETS complies with company and regulatory security requirements.
Join this dynamic team as the person accountable to monitor and respond to security threats and incidents for both the cloud-based and on premises based infrastructure, platform and services.
What motivates you?
You obsess about customers, listen, engage and act for their benefit
You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes
You thrive in teams, and enjoy getting things done together
You take ownership and build solutions, focusing on what matters
You do what is right, work with integrity and speak up
You share your humanity, helping us build a diverse and inclusive work environment for everyone
We are looking for someone with :
Degree holder of computer science or engineering.
Ethical hacking, intrusion detection and incident response certificates issues by reputable organization.
Possess Information security (CISSP, CISM, SANS) designations.
At least 10 years working experience focusing on penetration testing, security incident monitoring and response, preferably including forensics analysis.
At least 10 years of working experience in the information security areas including network security, IAM, RBAC, encryption, security scanning, hardening, privilege ID management etc.
Able to make quick and prudent decision in emergent situations, and think holistically and strategically on process and technology improvements.
Able to define and rationalize goals as well as define and execute roadmap for process improvement.
Proficient in communication with senior leaders.
Strong experience in threat detection and incident response tools.
Able to work on flexible hours including having meetings with North America in the evenings occasionally.
Ability to manage multiple tasks for multiple stakeholders which will need to be prioritized. Results oriented; ability to balance multiple priorities and projects.
Knowledge of control frameworks, risk management practices and regulatory requirements.
Well-developed impact and influence skills.
Excellent customer focus and commitment to quality.
Knowledge and understanding of the financial industry.
Nice to Haves :
Experience with cloud IaaS, PaaS, and SaaS security controls and adjust incident response process due to involvement of cloud technology.
Strong experience on automation for security control enforcement and monitoring
Experience in runtime security scanning and runtime protection tools and security controls in microservices env.
Track record of building strong relationships across technology functions.
On the job you will :
Collaborate with the global function, streamline cyber security incident response process and investigation flow for Asia region.
Investigate security events or assist global function to investigate incidents by leveraging knowledge of the Asia environment and controls.
Communicate incidents / events to stakeholders.
Lead / guide the containment and eradication phase of the incidents when occurred.
Lead cyber security simulation exercise and maintain information about key contacts critical to incident response.
design use cases and relevant monitoring rules in SIEM to detect and alert on incidents.
Coordinate remediation of findings from global penetration testing and purple team exercise, investigate root cause and work with various teams to define and drive implementation of remediation roadmap.
Project and Technology Information Risk Management
Perform ETS project and technology information risk assessments including assessing risks and define controls as well as tracking the implementation of controls.
Assessment focus for the incumbent is the cloud-based infrastructure, platform and services
Design, document and / or implement BAU security controls applicable to the cloud-based infrastructure, platform and services
Evaluate products for implementing security controls in the cloud or on-premises spaces.
Develop Infrastructure-as-code to automatically and continuously enforce security controls.
Establish security compliance monitoring mechanism to periodically and automatically measure security control operation effectiveness.
Provide security metrics for overall security posture reporting.
Our commitment to you
Our mission; to be a part of making Decisions Easier and Lives Better
A leadership team dedicated to your growth and success
A bold ambition and set of goals to be a leader in driving transformation in our industry
Our best. Every day.