Total 51 IT Manager job vacancies in Legal / Public / Security category in D05 Clementi New Town, Hong Leong Garden, Pasir Panjang

Who we are

Crédit Agricole Corporate and Investment Banking (Crédit Agricole CIB) is the corporate and investment banking arm of Crédit Agricole Group, world’s 10th largest bank by total assets.

Our Singapore center (“ISAP” or “Information Systems Asia Pacific”) is the 2nd largest IT setup (after Paris Head Office) for Crédit Agricole CIB's worldwide business. We work daily with international branches located in 30 markets by:

· Envisioning and preparing the Bank’s futures information systems

· Partnering and supporting core banking flagships and transverse areas in their large scale development projects

· Providing premium In-house Banking applications

This unique positioning empowers us to bring our core banking business a sustainable competitive advantage on the market.

We seek innovative and agile people sharing our mindset to support ambitious and forthcoming technological challenges.

Position

IT Security Officer (ITSO)

IT Security Officer role is responsible for managing and supervising Information Technology Security matters for the Bank in Singapore and ensuring that the execution of Information Security activities are in alignment with Banks’ Security Policy and Standards. Person is also in charge of coordination of operational security of Information Systems, conducting Cyber Security Risk Assessment and ensuring effective management of IT Security initiatives in Singapore.

Main Responsibilities (not limited to)

• Information Systems in Singapore are in alignment with Groups’ Security Policies and Standards;
• Develop, contribute and establish local Security Policies, guidelines, standards and processes (as applicable) in conformance to Group’s Information System Security Policies, Governance Texts and local regulatory requirements.
• Conducting Information Security (Cyber) risk assessments to identify Cyber risks, develop and maintain adequate and comprehensive mitigation and deliver subsequent corrective actions when KPI results are unsatisfactory.
• Advising business teams, technology teams and leadership on implementing cyber security best practices for managing cyber and technology risks.
• Maintaining oversight on Key Cyber risk/IT Security indicators in scope;
• Maintaining oversight on the deployment of various Security Programs and projects running for the bank in the region.
• Coordinate studies on security requirements for implementing new IT Security solutions and provide consultation support on IT infrastructures and Applications teams
• Ensuring all Security related requests and derogations are reviewed and granted based on Security Risk Assessments;
• Ensuring the Vulnerabilities under the perimeter are managed and mitigated as per the defined Vulnerability Management Process;
• Assist and recommend the Local IT teams to define and implement remediation actions plans derived from audits or security reviews.
• Follow up on IT security related audit recommendation action plans falling under SG or other entities
• Maintain and Publish the Security Dashboard for Singapore for the Security KPIs;
• Supporting the IT Permanent Controls team and CLSi function on technical matters related to IT Security topics;
• Ensuring technical security projects for the region are properly taken into account and effectively delivered;
• Accompanying local IT teams in technical security topics where Security expertise and advices could be needed, to ensure proper implementation of standards and best practices;
• Acting as an entry point for all technical security related matters to assess the overall Information Systems Security;
• Raising operational security needs or constraints, or local constraints, proposing solutions and possible adaptations of standards in case they cannot cover a precise local requirement (for example due to a local regulation);
• Helping IT teams in deploying level 1 and level 2.1 controls required by ISS control plans.
• Should be able to take up additional responsibilities as needed for the operations or as assigned by the manager;
• Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer/Compliance Officer.
• Maintain appropriate knowledge to ensure to be fully qualified to undertake the role. Complete all mandatory training as required to attain and maintain competence.

Candidate Profile

• Must have a minimum 10 years of relevant experience in IT Security domain;
• Must be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science;
• Must have knowledge of different domains of Information Security;
• Must have prior hands-on experience in governance, managing and operating the Information System Security;
• Should have experience in working in first and second line of Cyber defense;
• Must have experience in conducting Cybersecurity Risk Assessments, security reviews of IT Projects;
• Must have experience in Security Exceptions management
• Ability to apply risk based approach while working on assigned responsibilities;
• Experience in defining, implementing, and enforcing enterprise-level Information Security Policies
• Excellent in analytical, communication and documentation skills;
• Must have strong understanding of ITIL processes and comfortable working in process oriented environment;
• Should have time management skills and able to manage work in fast moving environment;
• Should have excellent written and oral English language skills;

· Professional Certifications :

• CISSP certification is must
• Any other IT Security or Cyber Risk related certifications are desirable

Work Schedule

• Work Hours: 8.45a.m. to 6. 30p.m (Monday to Friday) with one-hour lunch break.

Position

Data Security Specialist- Data Security and Endpoint Security

Data Security Specialist is a technical Specialist role within the Data Security Services team and will be responsible for managing, administration and supporting the Data Security and Endpoint Security technologies for the bank.

Person will be the technical point of contact for the Run team and the related activities to data security and will be the last level of escalation for the Security specialists in the team. He/She is also responsible for the technical transition and validation of Security services from other regions to Singapore. He/She will be involved in projects and POC’s that may involve security services. He/She works with continuous improvement principles. He/She is equivalent to the Subject Matter Specialist on the technologies within data security.

Data Security Services team in Singapore is responsible for day-to-day operational services on the infrastructure of Europe (mainly France and UK) and Asia remotely from Singapore. France infrastructure represents approximately 80% of the worldwide production activities of CA-CIB in Singapore.

Team works in Europe time zones and this role will be aligned primarily to Paris working hours. Flexible rotations are followed based on the nature of duties.

The operational support of the team covers the following technical scope:

• Endpoint Security technologies – Anti-virus management, Host Intrusion Prevention System etc.
• Data Leak Prevention systems. - Email Prevent, Web Prevent, Endpoint Protect,
• Encryption Solutions: Disk Encryption, File and Folder encryption,
• Database Audit Monitoring solutions
• Email and Web Phishing Prevention solutions.
• Vulnerability Management

Detailed Job Responsibilities

The Specialist has a wide spectrum of responsibilities and actions. Person will be responsible for following (but not limited to) responsibilities in day-to-day work:

As the Specialist of the team, he/she:

• act as the last level of escalation for the team members
• own Incident, Problem and change management process for the team
• assigns technical tasks and manages delegation
• animates the team to encourage collaboration and sharing of practices
• participates to recruitment process for the team

As the Specialist of his/her scope of activity, he/she:

• is actively involved in incident management (fault investigation, resolution escalations of all monitoring alerts and user initiated problem calls/tickets) and request management
• Is the final technical approver for any changes into Data Security systems and is accountable for any technical changes in the environment from a RUN/BAU perspective
• Is involved in projects like End of Life, New Builds, migrations and technical upgrades of the solution managed by the team
• Participates in global Infra events (like Power down and DR Tests)
• ensures activity is performed in compliance with norms, standards, processes and procedures
• gathering required evidence using multiple forensic tools to investigate any data leak incident, conducting interrogation if required, case closure and reporting
• ensures documentation is up to date and relevant for use
• lead the continuous improvement initiatives
• responsible to drive and deliver root cause for any high severity issues
• Focus on automation and optimum use of the team to improve efficiency
• Maintain appropriate knowledge to ensure to be fully qualified to undertake the role.
• Complete all mandatory training as required to attain and maintain competence
• Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer.

Work Schedule

• Work schedule is mainly focused to support Asia and EMEA (Paris) time zone; however, may have to support during non-offce hours for critical incidents or escalation as per the assigned on-call support requirements;
• Rotational Shift schedule is followed;
• Work Hours: 2 PM – 11 PM SGT (with 1 week of General shift 9 AM – 6 PM SGT).

Qualifications and Profile

Functional

• 8 - 10 years of IT Security experience in administration and management of IT Security technologies primarily Symantec Data Loss Prevention, Symantec Endpoint Protection, Email Security, Data Classification and other endpoint & data security solutions;
• Should be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science;
• Knowledge of different domains of IT Security;
• Working & hands-on experience in administering the IT Security Solutions;
• Must have experience in working in similar Production setup in Run (Operations) mode;
• Ability to apply risk based approach while working on assigned responsibilities;
• Experience in defining, implementing, and enforcing enterprise-level IT security policies for endpoint and data security solutions;
• Must have working experience in managing endpoint security solution for a Large enterprise level environment, working experience in financial organization is preferred;
• Excellent in analytical, communication and documentation skills;
• Ability to organize work and be able to priories work as per the needs of Production Operation’s needs;
• Must have strong understanding of ITIL processes and comfortable working in process oriented environment;
• Ability to work independently and as well as a part of team and is able to work under minimal supervision;
• Should have time management skills and able to manage work in fast moving environment;

Technical

• Hands-on experience on Symantec Data Loss Prevention (DLP);
• Highly proficient in data leakage prevention (DLP) technologies - troubleshooting and configuration management;
• Deployment, integration and administration experience of various components of Symantec DLP:

- Symantec Endpoint Protect

- Symantec Web Prevent

- Symantec Email Prevent

- Symantec Enforce

• Must have experience in defining, designing and configuring DLP Policies as per the business requirements;
• Deploy, upgrade and troubleshooting knowledge on Symantec DLP solution;
• Scripting knowledge (Phyton, Regular Expression, Powershell) is desirable;
• Professional Certifications:

- CISSP certified is highly preferred

- Symantec Certified Specialist: Administration of Data Loss Prevention (any version) is highly preferred.

Interested applicants, please email your resume to Shaun Quek Yew Meng

Email: shaunquek@recruitexpress.com.sg

CEI Reg No: R1660732

EA Licence No: 99C4599

PRODUCT AREA

At YouTube, we believe that everyone deserves to have a voice, and that the world is a better place when we listen, share, and build community through our stories. We work together to give everyone the power to share their story, explore what they love, and connect with one another in the process. Working at the intersection of cutting-edge technology and boundless creativity, we move at the speed of culture with a shared goal to show people the world. We explore new ideas, solve real problems, and have fun — and we do it all together.

JOB DESCRIPTION

Fast-paced, dynamic, and proactive, YouTube’s Trust & Safety team is dedicated to making YouTube a safe place for users, viewers, and content creators around the world to belong, create, and express themselves. Whether understanding and solving their online content concerns, navigating within global legal frameworks, or writing and enforcing worldwide policy, the Trust & Safety team is on the frontlines of enhancing the YouTube experience, building internet safety, and protecting free speech in our ever-evolving digital world.

ADDITIONAL JOB DESCRIPTION

As a Policy Enforcement Manager, you will work with global teams to prevent violative content from appearing on the site with a focus on harassment. You will evaluate abuse trends and quality within vendor operations and develop creative solutions to address quality, workflows, and processes. You will also review decisions about the appropriateness of different content, including considerations of cultural and political sensitivities. In this role, you will review graphic, controversial, and offensive video content in line with YouTube’s Community Guidelines. You will be required to work on-call on weekends and holidays on a rotational basis. You will also be exposed to graphic, controversial, and/or upsetting content.

Qualifications

JOB RESPONSIBILITIES

• Research and stay up-to-date on key trends and suspicious patterns across policy areas.
• Oversee enforcement quality across policy areas, including calibrations with vendor teams.
• Work cross-functionally, think strategically, and keep our users safe while protecting free speech.
• Review graphic, controversial, and sometimes offensive video content in line with YouTube’s Community Guidelines.

MINIMUM QUALIFICATIONS

• Bachelor's degree or equivalent practical experience.
• 2 years of experience in data analytics, Trust and Safety, policy, cybersecurity, or related fields.
• Experience in content policy, anti-abuse or reviewing online content.
• Ability to work non-standard hours, including on-call rotation weekend and holiday hours.

PREFERRED QUALIFICATIONS

• Experience with identifying abuse trends or working in news or policy.
• Experience with SQL or large data sets and spreadsheet software and using data to drive strategy and business action along with strong problem-solving skills.
• Ability to build effective relationships with cross-functional partners across geographies.
• Excellent organizational, people management, and project management skills with good attention to detail.

Main Responsibilities

Person will be responsible for following responsibilities in day-to-day work:

• Focal Point of contact for Technical management of Menlo Web Isolation Platform (“Menlo”). Person will primarily be responsible for managing the Menlo setup and ensuring the service is available, functional, and up-to-date;
• Propose, plan and execute timely upgrades to ensure that the Menlo setup remains current;
• Propose, plan and deploy the various security related policies by leveraging different features available in product;
• Active coordination with product support vendors for any product related issues or bugs;
• Propose, plan and execute actions to ensure that web traffic requests for identified users are routed through Menlo solution;
• Work with end-users where there are issues reported for external website accessibility and/or functionalities;
• Ensure policy exclusions are challenged, reviewed, validated and deployed as per approved plan;
• Periodical review of policy exclusions and ensure that they are relevant to the current context;
• Collaboratively work with network and other infrastructure teams globally for related issues;
• Propose, plan and execute Service improvements initiatives in order to elevate the current state, including identifying the activities to automate, improve and fine-tune the policies
• Handling RFCs, Incidents and Problem tickets under ownerships- and manage related day-to-day operations;
• Maintaining and Reporting the various KPI indicators pertaining to the technologies under administration scope and leading the report actions;
• Vulnerability Scanning and Remediation of the technologies under management scope
• Planning the periodical Technology Upgrades- testing and implementation;
• Identify Risks under respective technology under ownership, maintain Risk Register and work towards closure of risks and issues;
• Escalate- discuss and consult- technical issues, Incidents, RFC roadmaps and Problem tickets as required to next levels and Management in timely manner;
• Provide technical subject matter expertise on the solutions under technical ownerships;
• Perform Root Cause Analysis for Major Incidents and provide report in timely manner and maintain proactive follow-ups to close the actions;
• Perform Trend analysis, identify top few incidents and work with respective teams/individuals to minimize the incidents, hardware/software troubleshooting;
• Participate in meetings with various stake holders as per the schedules;
• Liaise with different vendors to ensure product issues are resolved as per operational and functional needs;
• Liaise with different teams in different geographical zones;
• Adhere to different policies set out by the organization;
• Prepare and provide different reports (weekly/monthly/ad-hoc) as necessary for Operations;
• Perform changes or work on incidents during weekends as necessary;
• Participate in periodical Disaster Recovery and Business Continuity exercises as per the plan;
• Maintain appropriate knowledge to ensure to be fully qualified to undertake the role;
• Comply with all applicable legal, regulatory and internal Compliance requirements, including, but not limited to, the Singapore Compliance manual and Compliance policies and procedures as issued from time to time; Financial Security requirements, including, but not limited to, the prevention of Financial Crime and Fraud including reporting obligations to the Money Laundering Reporting Officer.
• To take up additional responsibilities as per Operational needs for the scope under the team.

Work Schedule

• Work schedule is mainly focused to support Asia and EMEA (Paris) time zone;
• Work Hours: 2 PM – 11 PM SGT (with 1 week of General shift 9 AM – 6 PM SGT as per rotation).
• Rotational Shift schedule is followed between general and afternoon hours;
• Candidate have to be standby to support critical issues reported outside of business hours and on weekends. This will be based on On-call Schedule roster which is pre-defined.

Qualification Requirements

• 8 -10 years of IT experience with minimum 5 years of hands-on experience in network security managing web traffic proxies or web phishing prevention/web isolation platforms e.g. Menlo Web Isolation Platform
• Should be a bachelors/masters/engineering graduate or equivalent technical degree in Information Technology or Computer Science;
• Working & hands-on experience in administering the Menlo Web Isolation Platform and any of the Web Proxies solutions;
• Experience in managing Production setup in Run (Operations) mode;
• Ability to apply Risk based approach while working on assigned responsibilities;
• Experience in defining, implementing, and enforcing enterprise-level IT security policies for endpoint and data security solutions;
• Must have working experience in managing endpoint security solution for a Large enterprise level environment, working experience in financial organization is preferred;
• Excellent in analytical, communication and documentation skills;
• Ability to organize work and be able to priories work as per the needs of Production Operation’s needs;
• Must have strong understanding of ITIL processes and comfortable working in process oriented environment;
• Ability to work independently and as well as a part of team and is able to work under minimal supervision;
• Should have time management skills and able to manage work in a fast-paced environment.

Professional Certifications:

• Security Certifications: Comptia Security+, CISSP is highly preferred

Interested applicants, please email your resume to Shaun Quek Yew Meng

Email: shaunquek@recruitexpress.com.sg

CEI Reg No: R1660732

EA Licence No: 99C4599

We are JTI, Japan Tobacco International, and we are present in 130 countries. We have spent years innovating, creating new and better products for the consumers to choose from. This is our business. But not only. Our business is our people. Their talent. Their potential. We believe that when they are free to be themselves, and they are given the opportunity to grow, travel and develop, amazing things can happen.

That’s why our employees, from around the world, choose to be a part of JTI. It is why 80% of employees feel happy working at JTI. And why we’ve been awarded Global Top Employer status, ten years running.

So when you’re ready to choose a career you’ll love, in a company you’ll love, feel free to #JoinTheIdea.

Learn more: jti.com

Global Travel Retail (GTR) is among the largest volume markets in JTI, operating in 160+ countries with 37 brands. We sell JTI products to international travelers in various channels (airports, border shops, ferries, diplomatic shops, etc.) and aspire to become the No.1 Tobacco Company in Travel Retail.

GTR is a highly culturally diverse market with employees from 37 nationalities working across the globe, with the market HQ based in Geneva and several Regional Hubs around the world.

What this position is about – Purpose

The GTR Legal Manager will be responsible for providing legal advice to the GTR business on all legal matters affecting its operations. The aim is to achieve corporate and commercial objectives in a manner that ensures compliance with the law and appropriate monitoring and management of legal risk.

The Legal Manager will be responsible for all legal matters (marketing activities, products regulation, contracts, etc.) for the ASIA and MENEAT Hubs and act as 1st point of contact for the business teams. Active participation in business meetings as well as collaboration with Market and HQ Lawyers and other Legal and Regulatory Affairs functions are key.

What will you do – Responsibilities:

• Performs legal advice on Tobacco regulations to the business teams in the ASIA and MENEAT hubs and to GTR central functions. Performs complex research and analysis of local laws in GTR markets with a focus on product regulation and marketing activities.
• Works in close collaboration with Market Lawyers.
• Analyzes the potential impact of anticipated regulations and actively supports the Corporate Affairs Department in its advocacy efforts
• Responsible for the review, drafting, and legal negotiation of GTR agreements in the Regional hubs he/she is responsible for (e.g. sales and distribution agreements and on Smoking Lounges agreements).
• Supports the development of the GTR Route to Market strategy in these markets
• Works closely with the Legal Director on a variety of topics, such as the implementation and monitoring of JTI's Competition law Policy and International Economic Sanctions. Responsible for the preparation of training materials for these matters, including delivering the necessary training to GTR colleagues
• Closely cooperates with external counsels and ensures the quality of outsourced legal advice as well as cost control/follow-up

Whom are we looking for – Requirements:

• University Degree in Law
• Minimum 8 years of work experience in a law firm and/or multinational corporation
• Capacity to work autonomously and make effective decisions quickly, capacity to prioritize a diverse workload.
• Strong negotiation and excellent communications skills, cultural sensitivity, business and results oriented.
• Demonstrated competence as a practicing lawyer in international business transactions, contracts, distribution, and competition/antitrust areas as well as regulatory issues.
• Experience in the Travel Retail Industry is not required
• Fluency in the English language both written and verbal
• Fluency in Mandarin is an advantage.

EDP Renewables is the main subsidiary of EDP Group), a global leader in the renewable energy sector and one of the world’s largest wind producers. With its headquarters in Singapore, EDP Renewables is the leading sustainable development hub for the Asia Pacific region with activities across nine different markets. Our activities are focused on the design, development, management, and operation of renewable energy sources, namely solar, wind, as well as new technologies such as storage.

EDP is a global energy group leading the Energy Transition, Innovation and Sustainability. Using the technology of the future, we create solutions highly focused on the needs of our people and our customers, never neglecting our role and contributions to society. To achieve our goals, we aim to attract diverse people with high potential through the professional opportunities we create.

Join us to be part of a renewable energy leader that reinvests in society through sustainable projects and social as well as cultural causes. You will have the opportunity to actively participate in our global transformation, by changing tomorrow now.

Responsibilities

• Extend EDP/EDPR SOC vulnerability management activities and SIEM monitoring to cover EDPR Sunseap's environment.
• Validate the operational security reports produced by the EDP/EDPR SOC and lead the resolution initiatives on EDPR Sunseap.
• Lead and follow-up Security Incidents and Crisis Management in the face of Security Incidents.
• Define an incident response plan and identify roles responsible for carrying out mitigation efforts.
• Test periodically the incident response plan and EDP/EDPR Group’s overall coordination.
• Propose and ensure the implementation of the EDPR Sunseap Security Roadmap of initiatives, in order to protect its assets against risks and threats.
• Whenever requested, know and investigate the vulnerabilities of the Information Systems, applying this knowledge to determine vulnerabilities in the EDPR Sunseap infrastructure and define the respective mitigation actions.
• Design and implement Security operations processes, including Security Incident Management and Security Vulnerability Management (in alignment with EDP/EDPR processes).
• Participate in the activities aimed at protecting the EDPR Sunseap IT assets in terms of Information Security, through the monitoring, detection and resolution of Security incidents, as well as the respective mitigation of the risks identified.
• Define, together with the Business Units, the monitoring scenarios in the context of the Business processes that may constitute Security incidents.
• Define Security requirements in projects and services.
• Perform information security activities such as vulnerability management, application development security, business continuity, networking, risk management, etc.
• Perform first-level incidence responses and computer forensic activities whenever integrated into technical teams when requested.
• Identify, extract, preserve and document evidence of security incidents in the EDPR Sunseap information systems (aligned with EDP/EDPR security teams).
• Collaborate with IT teams and business areas to develop information security activities, such as training, awareness, or exercises.

Requirements

• Degree/Diploma in IT or equivalent
• Possess a minimum of 3-year work experience in IT Security field
• Possess a valid Industry-accepted IT Security Professional Certifications (such as CISSP, CISA or equivalent)
• Knowledge of International Standards and Best Practices for IT ( ISO/IEC 27001, NSA Security Guidelines)
• Good written and verbal communication skills.
• Ability to work in a collaborative environment and with global teams.
• Ability to critically analyse and focus on problem solving.
• Commitment to quality delivery.
• Knowledge of the Energy & Utilities (valued).
• Value alignment: stewardship, collaboration, innovation and with a spirit of excellence

When you join EDP Renewables, you will have access to:

• Professional experience in a leading global company in the renewables industry with flexible work conditions
• Recognition through remuneration compatible with the role and other additional benefits
• Opportunities for personal and professional development, e.g. cross-cutting projects, mobilities and volunteering

About EDP Group:

As a socially responsible company, we incorporate our values and practices with the principles of Diversity and Inclusion. To achieve all our objectives, we intend to attract, develop and retain different profiles, assuming diversity as a key factor and differentiator of fundamental innovation in our organisation. We welcome and value all people, and we are committed to the inclusion and sense of belonging of each person who is part of the EDP Group.

What makes us proud as an employer:

• TOP Employer Europe 2021 certification
• Bloomberg Gender Equality Index 2021
• Top Workplaces US 2021
• Certification in Conciliation (Excellence) by the Más Familia Foundation

Leopard Secure Services Ltd., a leader in professional security services, is seeking a highly skilled and experienced Operations Manager to oversee our security operations. The ideal candidate will be responsible for ensuring that the highest standards of integrity, excellence, and professionalism are maintained across all facets of our operations.

Main duties include:
- Oversee the daily operations of our security services, ensuring efficiency, quality control, and alignment with industry standards.
- Lead, motivate, and manage our team of security professionals, ensuring high morale, professionalism, and adherence to our core values of integrity and excellence.
- Act as a key point of contact for clients, ensuring their security needs are met and exceeded.
- Maintain and build strong client relationships through exceptional service and communication.
- Contribute to the strategic planning of security operations, including resource allocation, technology adoption, and process improvements.
- Lead the response to security incidents, ensuring effective resolution, documentation, and analysis for future prevention.

Skills and Education:
- Proven experience in a security operations role, preferably within a security services company.
- Strong leadership and team management skills.
- Proven ability to manage client relationships and meet client needs effectively.
- Experience in strategic planning and performance management.
- Ability to handle high-pressure situations and make critical decisions.

Job Title

Sr. Information Security Manager

Job Description

In this role, you have the opportunity to

Information Security Lead will be responsible for developing, implementing and monitoring a strategic, comprehensive IT security plan for platforms across Enterprise IT. Information Security Lead will provide the vision and leadership necessary to manage the risk to the platform assigned and will ensure business alignment, effective governance, system and infrastructure availability, integrity and confidentiality. This position reports to Head of Enterprise IT Security.

Information Security Lead need to be strong in the below mentioned areas:

• Threat modelling

• Security Testing (includes Dynamic, Static Security Testing),

• Penetration Testing

• Application Architecture review

• Cloud Security Architecture Review

• Define Security Use Cases

• Cloud Platform Security

• API Security

• Open AI/GenAI Security

• Data Lake Security

• Modern Authentication

• SDLAN Security

• Network Segmentation

• MITRE Attack Framework

• Cyber Security Framework based on Industry Standard / Best Practices

• CIS Baseline Validation

• Microsoft Defender Implementation and Monitoring (Malware, EDR, ATP)

• Microsoft 365 Security

• Designing of Conditional Access Policy

You are responsible to:

• Develop and maintain robust security controls to protect Philips business from security breaches/ incidents.

• Deliver security demand from the business for security controls.

• Gather Security Management Framework and information security architectural requirements and drive compliance of Enterprise IT systems against those requirements.

• Manage risk profile of the IT-systems and Suppliers

• Drive education and awareness activities across platform and Enterprise IT.

• Evaluate new cybersecurity threats and IT trends and develops effective security controls.

• Establish regular governance with service owners to review security controls status

• Liaison with Philips Information Security Office in driving security Improvement Program

• Evaluate potential security breaches, coordinates response, and recommend corrective actions.

• Define and report on information security KPIs.

• Organize the preparation of the security status dashboards including presentation to executive management.

• Analyze application end to end, prepare threat modeling (STRIDE, PASTA & DREAD) based on different risk scenarios and dirve to fix those risks

• Cloud Security Management that includes Security Posture Management, Security Baseling, Code validation for Infra As a Code, Golden Image, Key Management, NACL, NSG, Native Security Dashboard Firewall Management, Docker Security, Kubernetes securtiy

• Prepare security use cases / functional requirements that new solutions need to meet. Validate those requirements are met when the solution is delivered

• Perform API Security testing that includes – API inventory, logging and monitoring, API Gateway Security, API Services Security.

• Exposure to network security which includes network segmentation, DDoS, Network Devices Security Baselining and monitoring, firewall rules review for any deviation.

• Application Security – integration of security tooling with CI/CD pipeline, review of security reports and follow-up to get them closed, DAST, SAST, Web Services Security, Security Focused Testing, Security Code Review etc.

• Identify risk with authentication and authorization protocols, mitigate risks with legacy authentication, design conditional access policy

• Management of foundational security tooling e.g. tools like Defender, EDR, Vuln Mgmt, CMDB agent.

• Perform Defensive / Offensive assessment on IT environment/applications to simulate attacks from real threat actors.

• Perform attack pattern analysis based on MITRE Attack framework, support solution development to address the pattern

• Define Data Protection roadmap and work with architecture to meet the requirement. Deploy data protection tools like CASB, DLP etc.

You are a part of

Enterprise IT Security team working closely with Enterprise IT, IT Platform Leaders, CIO and CISO.

To succeed in this role, you should have the following skills and experience

Soft Skills

• Excellent English language communication skills, both verbal and written. Cross-cultural etiquettes, customer centric and collaborative mindset.

• Works autonomously within established procedures and practices.

• Good command on stakeholder management, judgement, conflict resolution, risk & mitigations.

• Provides leadership to the global team at strategic, tactical, and operational level

• Maintains current knowledge of industry and regulatory trends and developments for the enterprise technology.

• Specialized in a number of Security domains such as incident response, operational assessment of security posture, general security management.

• Thorough understanding of Security Management principles, Security governance principles

Qualification

• Bachelor’s or Master’s degree in Information Technology and or commensurate experience in delivering security solutions.

• Overall Enterprise IT Security experience of 10 yrs or more.

• Security Certifications such as CISSP, CISM, CISA, CIPP etc. preferred.

In return, we offer you

A warm welcome to a challenging, innovative environment with great opportunities for you to explore. Quality is right on the top of Philips leadership agenda and that means you have the unique opportunity to come in and have a recognized voice to drive and witness exciting, transformational changes. You will be empowered to drive high quality, groundbreaking innovations with a globally recognized, premium brand behind you. Next to that a rewarding career in Philips with attractive package

Why should you join Philips?

Working at Philips is more than a job. It’s a calling to create a healthier society through meaningful work, focused on improving 2.5 billion lives a year by delivering innovative solutions across the health continuum. Our people experience a variety of unexpected moments when their lives and careers come together in meaningful ways.

About Philips
We are a health technology company. We built our entire company around the belief that every human matters, and we won't stop until everybody everywhere has access to the quality healthcare that we all deserve. Do the work of your life to help the lives of others.
• Learn more about our business.
• Discover our rich and exciting history.
• Learn more about our purpose.

If you’re interested in this role and have many, but not all, of the experiences needed, we encourage you to apply. You may still be the right candidate for this or other opportunities at Philips. Learn more about our commitment to diversity and inclusion here.

#DIW

PRODUCT AREA

Part of Google Cloud, Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response services. By scaling decades of frontline experience, Mandiant helps organizations to be confident in their readiness to defend against and respond to cyber threats.

ADDITIONAL JOB DESCRIPTION

As a Strategic Services Function Manager, you will blend risk assessment, strategic planning, and client collaboration. You will manage a team of cyber security consultants. You'll conduct in-depth cyber maturity assessments, develop forward-thinking strategies, and lead realistic simulations that help clients prepare for and respond to cyber threats.

In this role, you will identify vulnerabilities and develop actionable mitigation plans. You'll empower clients with data-driven insights, enhancing their security posture.

Qualifications

JOB RESPONSIBILITIES

• Manage and inspire a highly skilled team towards surpassing our goals by driving performance and outcomes, while managing workload, scheduling resources, and ensuring the quality of their output.
• Foster expansion in the APAC region for our Strategic Services Practice through the identification and advancement of opportunities, aiding in the creation and development of Statements of Work, and participating in responses to RFPs/RFIs/RFQs. Promote a culture of continuous learning and development within the cyber security practice.
• Perform in-depth assessments to identify and analyse cyber vulnerabilities and threats. Prioritize risks based on their potential impact.
• Craft cyber risk mitigation strategies, ensuring alignment with regulations (e.g., GDPR, ISO 27001, NIST/CIS Controls).
• Collaborate with clients to tailor cyber security solutions. Generate clear reports and presentations explaining risks and mitigation plans. Scope and propose solutions to clients.

MINIMUM QUALIFICATIONS

• Bachelor's degree in Information Security, Computer Science, or a related field, or equivalent practical experience.
• 10 years of experience in cyber security with a risk assessment focus.

PREFERRED QUALIFICATIONS

• Master's degree in a relevant field.
• Professional certifications in cyber security (e.g., CISSP, CISM, CRISC)
• Consulting and/or project management experience, and experience leading cyber security assessments, including Table-Top Exercises (TTX).
• Knowledge of security frameworks (e.g., ISO 27000, NIST CSF).
• Ability to present complex security concepts to varied audiences (e.g., technical and executive).
• Excellent communication and problem solving skills.

Our client a Large commercial bank is looking to hire IT Security Engineer.

Responsibilities:

• To support the team to conduct regular security assessment, e.g. regular security scanning, handling SPAM/Phishing incident, etc.

• To support and follow up the Threats & Vulnerability Management process.

• To support the new security related project team's administration and documents tasks, such as IAM, Cloud Adoption, STDB, etc.

• To support implementing the iCAST remediation and new CNCB and Regulatory Requirement

• To support the new security tasks for new projects initiatives, such as SIP & XDR antivirus management, Firewall Management Utility, etc.

• To support the enhancement on security tools, such as security scanning automations, PAMS script integrations, SIEM correlation rules, etc.
• As SME on Cybersecurity services to collaborate with application team for project scoping and delivery. 

• 2-3 year hands-on experiences on IT security tools and applications or software development

• Knowledge of the DevSecOps or similar agile development

• Experiences on HK FSI, banking industry is preferred

• Basic communications with English and Mandarin
• Following security best practices in performing tasks
• Degree holder (or above) which is related to Information Technology
• Fulfill HKMA ECF is preferable
• 1-2 years experiences on HK FSI, banking industry is preferred
• Basic knowledge on software programming and networking
• Sound knowledge on Software Development Life Cycle
• Developing and maintaining software application security policies and procedures
• Developing and maintaining documentation of application security controls
• Implementing software application security controls
• Designing technical solutions to address security weaknesses
• Analyzing system services, spotting issues in code, networks and applications

WHAT YOU WILL BE DOING:

• Deliver strong functional expertise, creativity, and entrepreneurial leadership to meet the business needs of the operations for Security and Safety .
• Strive to achieve optimum operating results while providing guests with the highest level of service and satisfaction
• Demonstrate and communicates key drivers of guest satisfaction for brand’s Target Customers.
• Ensure guest oriented & innovative operations approaches to ensure high standard of services for guests.

PaidRight exists to restore trust between employers and employees when it comes to pay. We envision a world where employee payment compliance is a given and payroll data drives business optimisation.

We are a small, well funded company that services some of the biggest names in the country and are currently looking for people to join our exciting team.

What you will do: 

• Conduct high level reviews of industrial relations legislation and instruments, particularly modern awards and enterprise agreements 
• Ability to identify ambiguities in industrial instruments and translate to simple questions/understanding 
• Implement and maintain databases with relevant industrial relations regulatory changes, legal cases and court decisions
• Improve on processes and databases
• Create content for industrial relations updates for online distribution
• Host industrial relations introduction sessions for new employees 
• Collaborate across teams and assist understanding of industrial relation laws

• Bachelor of Law 
• 2 years experience 
• Proven ability to interpret and apply legislation
• Proactive and able to work independently as well as part of a team
• Excellent attention to detail 
• Excellent written and verbal communication skills

We are a young scale-up with plenty of space for career development. You will be given every opportunity to learn and grow in a fast paced, growing company. We like to be social by having team lunches, dinners and our quarterly strategy sessions usually involve great social and cultural events.

Konica Minolta is innovative, robust and continually evolving. From printing, scanning and copying to solution services, cloud storage and robotics, our award-winning products and solutions help companies to transform and move information faster. Our people make this possible. As a Workplace Gender Equality Agency Employee of Choice, we offer workplace flexibility, support diversity and promote events and activities to support wellbeing. We strive to create and maintain an inclusive workforce as diverse and capable as our class-leading solutions. We actively encourage women and those from diverse backgrounds to apply for our roles.

About the role
The Security and Compliance Manager will have a “hands-on” role, governing the operations of the Security Operations Team, performing daily tasks and maintenance to security related systems, as necessary.  You will be responsible for coordinating and prioritizing activities for the Security Operations Team. This position will include membership in the Konica Minolta Global Security Council and would represent the APAC region.

• Establish and maintain the Security Operations governance framework, ensuring alignment with Company Objectives
• Lead team resources and provide oversight in the onboarding of technical solutions for managed clients.
• Establish internal project scope and design workflow solutions for our clients while ensuring client satisfaction throughout the entire process.
• Understand and improve IT Weapons Design and Build standards
• Participate in IT Weapons training and recommended certification paths
• Be an escalation point for the Service Desk and other Consulting teams at IT Weapons
• Perform system audits
• Analyze security data and reports
• Maintain managed security solutions (SIEM, AV, Firewalls, Anti-SPAM, Vulnerability Management tools)
• Perform security assessments
• Be available to assist team members 24/7 - on call based on rotating team schedule
• Be able to handle multiple assignments, manage priorities, and meet strict deadlines
• Have proven client-facing skills developed in a professional environment
• Have experience interacting with project stakeholders and vendors

Who are we looking for?

• D3+ years in networking and security related functions
• Experience with maintain security solutions.
• Experience with event analysis

As per Konica Minolta compliance procedures, the successful candidate will be required to undertake background checks.

What can KM offer you?
You will enjoy a collaborative team culture where you will be supported and empowered to contribute your ideas and identify opportunities to develop your team and yourself. We are dedicated to the values of diversity and inclusion and have a firm commitment to ethical practices and corporate responsibility.

Konica Minolta is committed to providing a working environment that is inclusive and fair to both women and men. Progressive policies such as our domestic violence policy; paid parental leave and flexible workplace policies enable our people to balance work and life responsibilities. We have been thrilled to receive a citation from the Workplace Gender Equality Agency (WGEA) as an Employer of Choice for Gender Equality 5 years in a row.

Equal Opportunities
We are committed to providing equal opportunities and actively encourage applications from all backgrounds to apply for our roles, regardless of gender, age, sexual orientation, ethnicity, religion or disability.
If you are require any adjustments/assistance during the recruitment process please reach out to careers@konicaminolta.com.au

Join our Team and thrive in an environment built on strong Collaboration, continuous Learning and personal Growth. Every day at Konica Minolta is an opportunity to share your Ideas, influence Change and engage with colleagues from diverse backgrounds and experiences.

About Us

Green Link Digital Bank is Singapore's inaugural wholesale digital bank focusing on supply chain finance, mainly serving MSMEs and aiming to help MSMEs grow and improve digitization.

We are seeking a highly motivated and detail-oriented IT Security Intern to join our team. The successful candidate will work closely with our IT Security team to ensure the confidentiality, integrity, and availability of our information systems. The IT Security Intern will be responsible for assisting in the development, implementation, and maintenance of security policies, procedures, and standards. The intern will also assist in the identification, analysis, and resolution of security incidents.

Duration: 6 months

Responsibilities

• Assist in the development, implementation, and maintenance of security policies, procedures, and standards.
• Assist in the identification, analysis, and resolution of security incidents.
• Assist in the development and delivery of security awareness training programs.
• Assist in the evaluation and testing of security technologies.
• Assist in the development and maintenance of security documentation.
• Assist in the monitoring and reporting of security metrics.

Requirements

• Currently pursuing a bachelor’s degree in Computer Science, Information Security, or a related field.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to work independently and as part of a team.
• Knowledge of security technologies and concepts is a plus.
• Able to commit for a minimum of 6-months.
• Full-time interns preferred, but open to part-time interns of minimally 3 working days.

Global asset manager is looking to hire a paralegal to be part of the legal team. As part of a small collegiate team you will be responsible for a broad range of legal support including assisting with reviewing and commenting on a broad range of fund documents, legal documents and general agreements. You will also assist with some company secretarial matters and assist with other ad hoc legal matters. The successful candidate will possess approximately 3-6 years of relevant experience. Prior experience within asset management or funds experience gained with a law firm is preferred. Smart candidates wanting to reskill with other experience (such as general corporate) will be considered as long as they are willing to learn - training will be provided. Fluency in English and Chinese (spoken and written) is required.