Are you passionate about offensive security, enjoy breaking down walls with an array of tools and techniques, and continuously learning about the offensive security world? We are seeking a dynamic Cyber & Offensive Security Risk to join our Data, Technology & Cyber Risk function. 

Primary Responsibilities: 

• Assist with the development, review, update and/or roll-out of cyber risk-related framework, policy, and initiatives to facilitate effective risk management and governance over cyber risk management. 

• Review and assess the extent of compliance with internal policies, procedures, standards and regulatory requirements. 

• Provide advisory, guidance and challenge to Business Units and Functional Units in their management of cyber risks to achieve their business objectives and within the Bank’s risk appetite. 

• Conduct independent assessments on the adequacy and effectiveness of control measures implemented by the 1st Line of Defence (FLOD), and recommend mitigation actions to address vulnerabilities, if any. 

• Provide recommendations and remediation strategies to address security vulnerabilities identified during offensive cyber activities. 

• Respond to enquiries and audits (i.e. internal, external and regulatory) pertaining to cyber risks.  

• Where required, collaborate with the Bank’s cyber incident response team to provide advice and/or support during security incidents and cyber-attacks. 

• Support cyber risk awareness training across the Bank, fostering cyber risk awareness and a security-conscious culture. 

• Support key activities for cyber & offensive security risk and infra & application security risk function. 

• Stay abreast of emerging cyber threats, vulnerabilities, attack techniques, and regulatory developments to proactively address potential cyber risks, and assist the Management (and/or Board) understand potential concerns or risks that might impact the Bank. 

​ 

Qualifications: 

• Bachelor’s degree in Computer Science, Information Security or a related field.  

• Minimum of 7+ years’ experience in any of these disciplines: offensive security, information security, risk management or compliance in related areas. 

• Professional certification such as CISSP, CCSP, CGRC, CISM, CISA, CRISC, CompTIA PenTest+, Offensive Security (e.g. OSCP, OSCE, OSWE & OSWP), SANS (e.g. GXPN, GWAPT, GPEN & GMOB), Zero-Point Security and/or CREST would be advantageous. 

• Sound knowledge in regulatory requirements around technology risk and cyber resilience. 

• Knowledge of network protocols, operating systems, application security and cloud security. 

• Possess strong verbal and written communication skills, and capable of engaging senior stakeholders. 

• Clear analytical thought process and good understanding of emerging technological developments and risk management frameworks.