AUDAX FINANCIAL TECHNOLOGY PTE. LTD.
Associate/Specialist, Incident Response and Risk Management
Information Technology, Risk Management
$4000 - $6000 monthly
Audax is seeking an Associate/Specialist, Incident Response and Risk Management to join our team. The candidate must be comfortable with working on ICS at both the abstract and detailed levels. The ideal candidate will be someone who has strong background in ICS risk management and good working knowledge in security operations and incident response. This role will report to the Head of Enterprise Risk and CISO. We welcome applications from fresh graduates with a solid foundation in ICS, as well as experienced professionals.
This is a contract role.
What you will be doing:
ICS Risk Management
Risk governance:
- Assist with designing and implementing an ICS risk governance framework tailored to a fintech.
- Ensure ICS risks and issues identified are properly risk rated and resolved in an appropriate and timely manner.
- Provide insightful risk posture through thematic and accurate risk profile and reporting including corelating relevant controls and associated risks/controls gaps (regulatory, internal and external audit issues, and self-identified gaps).
- Implement control processes, perform key control testing based on key control and risk indicators to ensure compliance with the control statements outlined across Group Policies and Standards as well as facilitate monitoring/collection of any key control or risk indicators.
- Support the implementation of processes and tools related to application security, cyber security monitoring, vulnerability management and penetration tests.
- Cooperate with legal, compliance and other risk owners to ensure compliance with Audax policies and regulatory requirements.
Risk advisory:
- Facilitate and performs risk reviews on projects / new technologies and provides recommendations to manage risks.
- Devise and validate security baselines for newly onboarded and existing technology platforms.
- Participate in partner / vendor onboarding risk reviews.
Security awareness:
- Promote cyber security awareness for staff and customers
Compliance and Reporting:
- Ensure compliance with relevant security standards, regulations, and best practices.
- Generate regular reports on security metrics, incidents, vulnerabilities, and operational status.
Audit Management:
- Manage and coordinate security audits conducted internally or by external auditors.
- Prepare audit responses and action plans, implementing corrective measures and tracking progress.
Security Operations
Incident Response:
- Perform security monitoring and triaging for potential threats and SIEM alerts.
Vulnerability and Threat Management:
- Manage vulnerability assessment and remediation programs, prioritizing and mitigating security vulnerabilities.
- Coordinate with technology operations teams to apply patches and updates to systems and applications.
Access Review and Security Exceptions:
- Establish and maintain access review processes to ensure appropriate access rights and permissions.
- Manage and review user requests for security exceptions, balancing business needs with security requirements.
Firewall, Network Proxy, and EDR Management:
- Firewall Management: Oversee the configuration, maintenance, and monitoring of firewall systems to enforce security policies and control network traffic effectively.
- Network Proxy Management: Manage proxy servers to secure internet traffic, optimize performance, and troubleshoot issues as needed.
- Endpoint Detection and Response (EDR) Management: Manage EDR tools across endpoints, configure policies for threat detection and response, and analyse endpoint data for security anomalies.
Service Management:
- Handle and manage user requests involving security services (e.g. network proxy), in accordance to Service Level Agreement (SLA).
What you need to be successful in this role:
- Bachelor’s degree in Computer Science, Information Technology, or related field; advanced degree or certifications (e.g., CISSP, CISM) preferred.
- [Specialist level] 5-10 years of relevant ICS experience in ICS risk management and security operations, with at least 3 years in risk management and 2 years in security operations.
- [Specialist level] Experience with access control, vulnerability management, audit management, and compliance frameworks (e.g., PCI-DSS, GDPR) for Specialist level.
- Understanding/proven experience of risk management and security operations.
- Strong understanding of security principles, protocols, and technologies.
- Strong acumen in setting up risk frameworks, policies, standards, baselines and procedures.
- Good hands-on experience on cloud, application, information and cyber security.
- Good understanding of technology (e.g. cloud and containers) and Agile development concepts.
- Knowledge of retail banking products and processes with a focus on digital products, functions, features and processes.
- Good understanding of industry trends and developments including impact on the business.
- Excellent communication skills and ability to collaborate effectively across teams and stakeholders.