Director, Head of Information & Cyber Security, Group Asset Management - Business Technology

About UOB

United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. In Asia, we operate through our head office in Singapore and banking subsidiaries in China, Indonesia, Malaysia and Thailand, as well as branches and offices.

Our history spans more than 80 years. Over this time, we have been guided by our values – Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers.

About the Department

UOB Asset Management is a leading Asian asset manager with award-winning investment expertise in fixed income and equities. Headquartered in Singapore, we offer global investment management expertise to individuals, institutions and corporations from a regional network spanning Thailand, Malaysia, Brunei, Japan and beyond. Our comprehensive product suite includes innovative solutions covering retail unit trusts, exchange-traded funds and customised portfolio management services.

Job Responsibilities

We are looking for an Information and Cyber Security Lead. You will be part of the founding key team member, reporting to the Chief Information Officer (CIO) and working closely with team leads in the transformation of the business. If you are passionate about technology and digital transformation for business and want to be in a team where your views matter, learning and collaboration is part of the culture, please reach out and we would love to talk to you!

• Define and implement the Enterprise InfoSec (IS) landscape and roadmap.
• Architect and develop security solutions on on-premise and cloud platforms (AWS, GCP, or Azure) using cloud-native security services.
• Design and implement secure cloud architecture for various cloud platforms.
• Provide security advisory as a trusted partner and subject matter expert cloud platforms.
• Develop, maintain, and enhance IT Security checklists and guidelines.
• Manage third-party IS due diligence on service suppliers, including onsite assessments.
• Conduct Technology Security Risk Assessments on systems throughout their lifecycle to identify and mitigate security risks.
• Ensure compliance with security frameworks and processes such as CIS, NIST, PCI/DSS, SOC 2.
• Implement process improvements for effective IT Security risk management.
• Identify security risks in the Tech Obsolescence Risk program.
• Perform periodic risk analysis, vulnerability scanning, and testing.
• Drive enterprise initiatives for comprehensive security posture analysis across different layers and sources within the network environment.
• Respond to security incidents and manage incident response.
• Communicate with regulators such as MAS and ensure solutions meet external and internal requirements and guidelines.
• Conduct security awareness training and programs for employees.
• Stay updated on security trends and new threats to safeguard the organization.

Job Requirements

• Bachelor's degree in Computer Science, Information Technology, or a related field.
• At least 15 years of experience in Information Security and risk management, preferably in a large organization or financial services.
• Deep understanding of threat modeling and risk management principles.
• Strong understanding of financial services IS policies, regulatory trends, and good practices for providing recommendations.
• Excellent relationship-building, stakeholder management, communication, and influencing skills.
• Experience managing senior business stakeholders.
• Strong motivation and capability to drive initiatives and changes.
• Proactive leadership and teamwork skills.
• Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP).
• Excellent analytical and problem-solving abilities.
• Experience in team leadership, coaching, and mentoring.
• Knowledge of industry standards such as ISO 27001, MAS TRM, NIST, CIS, PCI/DSS, and SOC 2.
• Familiarity with security technologies such as firewalls, intrusion detection systems, and endpoint protection.
• Experience with security operations centers (SOC) and setting up SOC models.
• Strong program management background.
• Product-specific certifications such as MCSE, CCNA Security.
• Good knowledge of TCP/IP protocol.
• Ability to handle sensitive information with confidentiality and integrity.
• Experience in driving enterprise initiatives for E2E security posture analysis.
• Ability to work with subsidiaries and understand regional security requirements.

Be a part of UOB Family

UOB is an equal opportunity employer. UOB does not discriminate on the basis of a candidate's age, race, gender, color, religion, sexual orientation, physical or mental disability, or other non-merit factors. All employment decisions at UOB are based on business needs, job requirements and qualifications. If you require any assistance or accommodations to be made for the recruitment process, please inform us when you submit your online application.

Apply now and make a difference.