Lead Specialist, Third Party Security RiskSecurity (Information & Communication Technology)
Full time
GX Bank Berhad - the Grab-led Digital Bank - is the FIRST digital bank in Malaysia, approved by BNM to commence operations. We aim to leverage technology and innovation to serve the financial needs of the unserved and underserved individuals, and micro and small medium enterprises.
We are driven by our shared purpose and passion to bring positive transformation to the banking industry, starting with solutions that address the financial struggles of Malaysians and businesses.
Get to know the Role:
As a cyber security engineer, you will find issues before an attacker does and recommend how to fix them to avoid future vulnerabilities. You may also perform social-engineering and client-side attacks involving simulating real attacks to assess the risk associated with the potential security breaches.
The Day-to-Day Activities:
Lead the Third Party Security Risk workstream within the 2nd line of defence under Technology & Cyber Risk team.
Work with procurement and contract owners to clarify the inherent risks posed by service providers to the bank based on technology service engagement.
Maintain and update third party security questionnaires based on prevailing regulatory requirements and industry best practices.
Take part in contract negotiation and clarify these mandatory requirements where needed, and balance between business and security requirements.
Document and track ongoing third party security assessments results until closure and report or escalate promptly on high risk gaps.
Deliver the agreed KPI related to the role and responsibilities.
The Must Haves:
5+ years of experience, preferably in risk management, IT audit, information security and IT related roles in technology and/or finance.
Knowledge of cloud environments or prior experience working with public cloud services (e.g. AWS).
Advanced understanding of:
Cyber and IT security risk, threat, and prevention measures.
Security incident management, malware management and vulnerability management processes.
Network security technologies, networking principles and common internet protocols.
Data security.
Prior experience in reviewing SAS70, ISO27001, SOC 1/2, ISAE 3000, OSPAR framework, BNM RMiT, or MAS TRM.
Proficiency in English.
Self-starter with the ability to work under pressure and minimal supervision.#J-18808-Ljbffr