IT Security Officer Permanent

Our Goal and Mission

VTB Capital’s goal is to be Russia’s Investment Banking powerhouse. We want to be the firm that is a natural choice for all Russian Investment banking and asset management products. A choice our clients around the world make routinely and with confidence.

Our mission is to exceed client expectations by providing first class financial services. To create value for the benefit of our clients and for economic and social progress globally.

The Position

The candidate will be responsible for the IT security support and assurance for the Asia branches as well as VTB Capital globally and be in the ITSec (or IT Security) Global Team. The ITSec team is a virtual global team and part of the global IT Security & Architecture function, which comprises the SEA Team (Security Engineering & Architecture), SOC (Security Operations Centre) & ITSec teams globally.

The candidate will be involved in global IT Risk Management activities interfacing with local and global clients, advising them about IT security compliance and performing IT security risk management and security standards setting activities.

The IT security officer candidate should have a thorough and deep understanding of IT systems security and will be responsible for advising/recommending and implementing IT security to ensure our entire infrastructure, applications, systems and third parties are configured securely at all times and in line with industry best practices. The candidate will also have to be well versed with security requirements from the Monetary Authority of Singapore (MAS), specifically,

• Knowledge of the MAS TRM Guidelines , Notice 644, Outsourcing Guidelines
• Knowledge of the MAS cyber security guidelines
• Knowledge of SFC Cybersecurity regulatory requirements.

The candidate will also be responsible for interpreting the cybersecurity security requirement of regulators in Hong Kong as well as in China.

Principal Responsibilities

The candidate will be part of a global IT Security team and be based in Singapore with a fluid and varied workload.

Accountabilities may vary at any point in time but will cut across the following disciplines and areas;

IT Security Officer duties

• Review and development of security framework, information security policies, processes/procedures and guidelines on an ongoing basis.
• Administer compliance with these policies/procedures through ongoing security reviews and audits, not limited to security assessment of IT systems (infrastructure & applications), existing and new 3rd parties & Datacentres.
• Ensure IT and security compliance with Local MAS regulatory requirements as well as other regulators in VTB Asia offices
• Identify IT security risks including those in new & existing IT business applications and infrastructure projects
• Conduct security assessments for business applications and infrastructure projects
• Participate in new security projects to improve the security controls, efficiency and ease of use
• Assist and act as the service manager for remotely provided security functions into Asia ensuring that periodic network scans, penetration testing, simulation attacks on the systems, KPIs and project delivery are on track.
• Support the IT audits of the branch.
• Act as the point of contact to assist and advise clients of IT security-related matters

Key Competencies & Qualifications

• Ideal candidate profile would be Bachelor’s degree in information technology / Computer Engineering / Computer Science or related discipline
• In depth knowledge of infrastructure and application security including but not limited to Network firewalls, VPNs, virtualization, privilege access management & general Security products
• Solid knowledge in anti-virus software, intrusion detection, firewalls, application security and content filtering
• Knowledge and experience of the risk assessment process utilizing standard methodologies, tools and methods
• Experience of vulnerability and penetration testing
• Professional Certifications: CISSP/CISM/CISA/MCSP/CCSK/CCSP is preferred
• Strong analytical and critical thinking skills and meticulous attitude is essential.
• Able to work independently or in a team with minimal supervision
• Extensive experience in working collaboratively across global teams and to lead others through problem solving challenges.
• Strong communication skills, both verbal and written are essential.
• Previous working experience within a financial organization in a similar capacity is desirable
• Ability to communicate in languages spoken in Shanghai China is also a distinct advantage.

Typical Decisions taken by Job Holder

Reviews, risk assessments and final decisions related to the Approvals of IT BAU workflow across all entities including but not limited to:

• Firewall changes
• Privileged access
• Security Policy exceptions
• Risk Assessments
• SWIFT attestations
• Connections to third parties

Also decisions related to meetings and responses with and to MAS TRM, internal audit, new application risk assessments, new security baselines, development and approval of security standards, risk assessments of existing applications, maintenance of the IT Security Risk Register, IT Security budgets in ASIA, local IT cybersecurity incident escalations, threat and vulnerability scanning action planning.

Governance and oversight of global cyber incidents affecting Asia offices and owning the delivery of critical changes to drive improvements of efficiency and the quality of client delivery in the function.