Requisition ID 1419
Date Posted 08/22/2023
Department Information Technology - Shanghai
Closing on: September 12, 2023 at 11:59pm (China Standard Time)
Based in: Shanghai, China
Target Market: Global recruitment
PURPOSE OF ROLE
1. The purpose of Information Security of the Information Technology Division (ITIS) of NDB is to develop and adopt strategy, standards, processes and technology to protect the confidentiality, integrity and availability of NDB information assets in a manner that is commensurate with their value and risk. ITIS maintains an information security program that addresses the needs of NDB’s business objectives.
2. ITIS needs an Information Security professional who is results-oriented, multi-disciplined, and an expert in enterprise security technology and architecture. The role will report to the Chief, Information Technology.
SPECIFIC RESPONSIBILITIES include but are not limited to:
1. In accordance with NDB’s IT strategy and enterprise architecture, ensure information security is integrated into institutional initiatives.
2. Participate in establishing the process and related system of personal information and privacy security protection, following NDB’s policies.
3. Define, implement and manage information security in various stages of the IT project and operation management life cycle to ensure the security of the NDB systems and services.
4. Define, maintain and support NDB’s enterprise information security controls, architecture and technologies for business applications, on premise and cloud infrastructure, network and workspace in line with NDB information security policy and leading industry standards.
5. Provide subject matter expertise and work with IT and relevant business units to define information security requirements for business applications, infrastructure, network, workspace and data management that are in line with the enterprise information security architecture and technologies.
6. Interface with business units and IT stakeholders to identify requirements and assess their applicability on the information security enterprise architecture.
7. Assist business units in understanding and complying with the information security enterprise architecture, requirements and standards, from business and process perspectives.
8. Maintain an up-to-date understanding of emerging trends in information security architecture and technology; apply new techniques and trends that are in line with the overall information security objectives and risk tolerance of NDB.
9. Assist in improving knowledge awareness of information security in the organization.
10. Interface with other members in ITIS team to gather identified information security risks. Develop risk profiles for enterprise-wide business applications, infrastructure, network, and workspace environment to identify areas where existing security architecture requires change or improvement.
11. Evaluate NDB’s current information security posture and propose mitigation and remediation plans to meet industry best practice and organizational requirements.
12. Assist in identification and implementation of services, tools and methodologies to improve overall security posture of NDB’s enterprise initiatives.
13. Document security architecture design review results and follow-up on implementation of recommended controls.
14. Participate in establishing the process and related system of personal information and privacy security protection, following NDB’s policies.
15. Participate in IT Supply & Demand process, including defining security requirements and evaluating cloud services, software/hardware solutions etc., in compliance with NDB Policies and standards.
1. Minimum of 7 years of relevant professional experience in a multilateral development bank, global financial services organization or large corporate enterprise.
2. Master’s degree in computer science or information systems or engineering from a reputed university.
3. Good experience with industry-proven security frameworks, such as NIST CSF, ISO 27000, COBIT, HITRUST, GDPR, ITIL, TOGAF, SABSA, etc.
4. Possession of industry certifications is highly preferred including, but not limited to, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Global Information Assurance Certification (GIAC), and Information Systems Security Management Professional (ISSMP).
5. Proficiency in threat modelling techniques and risk assessment methodologies, such as OWASP, as applied to web and mobile platforms.
6. Hands-on experience of security architecture and techniques to assess the security posture of multiple layers of an organization’s technology environment.
7. Knowledge and experience of business processes, policies and procedures in the financial sector or multilateral development bank community or a similar institute is a plus.
8. Experience in leading enterprise security architecture design and implementation for a financial services organization or a similar institute of middle to large size with regional and international branch network or other organizations with comparable information security requirements is a plus.
9. Extensive knowledge of IT, enterprise architecture, software development life cycle, and information security platforms and applications. Strong analytical and critical thinking skills and meticulous attitude.
10. Demonstrated knowledge and experience of developing Business Risk Models by integrating contextual and conceptual security architecture requirements with logical, physical and component security requirements for business applications and data security needs in a large heterogeneous environment. Knowledge of risk assessment tools, technologies and methods (BIA, BCP, RCSA, etc.).
11. Demonstrated knowledge and experience of applying advanced techniques in developing security requirements, processes, architecture, and protection for the enterprise production environment, including:
1) Application (penetration test, modern web, mobile, and application delivery platforms, vulnerability management, system integration, etc.)
2) Virtualization, cloud and on-premises infrastructure (Alibaba Cloud, Azure, AWS, public and private cloud security, high-availability, etc.)
3) Global network connectivity (firewalls, VPN, zero-trust network, CDN, etc.)
4) User workspace (Microsoft 365, AIP, EDR, intrusion detection, MFA, VPN, MDM/MAM, BYOD, etc.)
5) Data protection (DLP, content filter, data classification, etc.) as well as processes and technologies in the security identification, protection, detection, response and recovery cycle.
12. Proven experience with the following technologies or concepts:
1) MITRE ATT&CK Framework
2) Zero Trust & Secure Service Edge Architecture
3) Incident Management Frameworks and Procedures & Security Operations (SOC) models
13. Demonstrated knowledge and experience in information security management and operation including privilege access management, managed detection & response (MDR) and managed security service providers, security incident detection, response and recovery, threat intelligence, security monitoring and automation, certification management, data encryption, etc.
14. Demonstrated knowledge in Identity and Access Management (IAM), collaboration, account provisioning, role engineering, federation services. Hands-on experience in supporting Identity and Access Management products.
15. Sound knowledge of secure interfaces between heterogeneous systems using advanced web services such as SOAP, XML, WSDL and defining data models and security techniques on common database servers such as Oracle, MS SQL and MySQL.
16. Ability to develop specific proactive procedures for detection of security breaches.
17. Ability to evaluate the security fulfillment of service providers and technical solutions during the procurement and service management phase. Work with other related internal stakeholders and vendors to implement required security controls.
18. Ability to work well under pressure and meet deadlines in a timely manner. Demonstrates a high level of motivation, confidence, integrity and responsibility. Extensive experience in working collaboratively across multinational regional teams and driving problem solving. Relevant experience in a multi-cultural work environment fostering a climate of teamwork and collaboration.
19. Project management skills and experience. Ability to lead, review and execute multiple strategic projects. Demonstrated excellent interpersonal skills, including the ability to work independently, to work effectively in a team/task force as a team member or leader, and to work with peer staff and managers in the unit and elsewhere.
20. Excellent written and verbal communication skills in English.
21. Good knowledge of IT service management (ITIL), project management (PMP), architecture, information security and governance processes.
22. Ability to work in a multicultural work environment fostering a climate of teamwork and collaboration.