About The Company
KGI Securities is a leading multi asset brokerage firm with presence across several countries in Asia and a pioneer member of the Securities & Derivatives, Trading and Clearing Member of Singapore Exchange, ICE Futures Singapore and ICE Clear Singapore.
We hold a Capital Markets Services License, is regulated by the Monetary Authority of Singapore (MAS) and is also an equal opportunity employer.
About The Job
The IT Security will be involve in overseeing cyber governance and risk management, including developing and implementing security policies and standards. It includes ensuring compliance with industry regulations and standards, coordinating penetration testing, and tracking vulnerability remediation.
This position also entails identifying and assessing cyber risks, maintaining user awareness, and coordinating security training, acts as a key contact for senior management and regulatory inquiries, manages audit findings' remediation, and conducts disaster recovery exercises.
Key Responsibilities:
- Provide cyber governance and risk management oversight.
- Develop, manage, and implement the security policy framework and relevant standards.
- Manage and ensure security governance and compliance with industry and regulatory regulations (e.g., ISO27001, NIST, MAS TRMG, MAS Outsourcing guideline, MAS Cyber hygiene).
- Coordinate penetration testing to comply with local regulatory requirements and escalate material security risks to relevant forums.
- Track remediation status of identified vulnerabilities.
- Identify and assess cyber risks, recommend and drive cyber security solutions and initiatives.
- Maintain user cyber awareness and provide security advisory on emerging security threats and vulnerabilities.
- Coordinate security awareness training programs for staff.
- Act as the single point of contact in responding to inquiries from senior management and regulatory bodies, including internal and external audit exams.
- Ensure all audit findings are remediated and independently validated within agreed timeline.
- Conduct annual disaster recovery exercises with internal and external parties.
- Routinely assess existing infrastructure, systems, and applications for compliance and vulnerabilities.
- Develop and implement identity and access management policies and procedures.
- Monitor and audit user access activities for compliance and security.
- Manage user access rights and permissions across systems and applications.
- Monitor security alerts and incidents, investigate and respond to security breaches and incidents.
- Manage security incidents according to established protocols and procedures, maintain security incident response plans and playbooks.
- Develop, maintain, and manage the Business Continuity Program, liaising extensively with all department operations, combining efforts into a single business continuity plan, and ensuring compliance with regulatory requirements, industry standards, and overall Risk Management requirements.
- Conduct thorough due diligence on all third parties to ensure compliance with MAS outsourcing guidelines and operational risk management guidelines.
Qualifications and Skills:
- 5 years relevant experience in Information security.
- Familiar with MAS Technology Risk Management Guidelines, MAS Cyber Hygiene Notice and MAS Outsourcing guideline.
- Strong problem solving and analytical skills.
- Familiarity with SIEM tools such as Splunk and vulnerability assessment tool such as Tenable Nessus.
- Strong oral, written, presentation and inter-personal skills.
- Ability to thrive under pressure, function and deliver effectively in a fast-paced environment.
- Professional security certifications (CISSP, CISA, CEH etc) preferred.
- Undergraduate degree or Technical Certificate; Graduate degree, preferred.
