Who we're looking for
A specialist to provide technical and non-technical information security consultancy services to the Schroders business units, IT and digital strategy. Reporting to the Head of Information Security APAC, the role necessitates an ability to champion the security team to influence senior business representatives and to engage with internal stakeholders in all areas of digitalisation, technical and non-technical information security.
About Schroders
We're a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.
We have around 4,000 people on six continents. And we've been around for over 200 years, but keep adapting as society and technology changes. What doesn't change is our commitment to helping our clients, and society, prosper.
The base
This role will be based in Singapore.
The team
The Schroders Global Information Security function ensures our business is able to operate safely in a dynamic threat and technological environment by effectively managing the risks to its information assets. To achieve this aim, the function contains teams responsible for Cyber Security, Insider Security, Information Risk Management, Technology Risk and the Information Security Change Programme.
What you'll do
- Provide advice and guidance on how to minimise the impact to the business of potential threats to the network, systems or information assets
- Liaise with potential or current partners and suppliers to the business and evaluate the information security levels of the company, products and our digitalisation.
- Assist and provide security advisory to business stakeholders, project managers, digital/third party fintech officers and solution architects through the lifecycle of a project related to project and business change.
- Assist and provide security recommendations and solutions that enable our digital products and services footprint to be rolled out.
- Investigate the vulnerability of the business to potential malicious attacks and recommend defensive actions.
- Support the business in replying to client requests for proposal and review client contracts for reasonableness.
- Support and provide security advisory to the business in the engagement of third-party services (including digital services) by providing our security requirements and recommendations that meet regulations, reviewing the security aspects of the service level agreement, and highlighting any security risks in the course of the assessment.
Policy, Standards, Procedures and Guidelines:
- Ensure that information security policies are implemented, enforced, monitored and complied with and to ensure the business embraces a culture of Information Security.
- Develop and ensure approval of data security procedures that provide the more detailed steps that service areas need to adhere to in order to implement the data security policies.
- Drive ongoing improvements to the security consultancy, vendor risk management process and supporting tooling.
- Work with Enterprise and Infrastructure Solution Architects to advise on all Information Security Risks with regards to infrastructure, changes to processes or project/digital implementations. Critique the high- and low-level designs within projects. Work on all such projects throughout their lifecycle to ensure the business meets regulatory requirements by providing recommendations and solutions.
- Take timely action resulting from any risk assessment recommendations. This may involve liaison with other departments, partners or suppliers. It is essential to keep the Head of Information Security APAC and the CISO informed if there are any issues of non-compliance.
- Conduct periodic and new vendor risk assessments on behalf of our business to highlight the security risks to the business.
Keep abreast of data security trends:
- Be aware of current and possible future trends in information security and take into account current business procedures, to define and develop procedures and policies for appropriate and secure use of the business's IT systems.
- Adherence to standards, including ISO27001, NIST, PCI-DSS and Information Technology Infrastructure Library (ITIL)
The knowledge, experience, and qualifications you'll need
- Minimum 2 years' experience working on security technologies in an advisory or consulting role within the financial industry or a large global organisation
- Experience in producing quality reporting and documentation.
- Experience in designing and reviewing IT and Security Architecture.
- Knowledge of IT networking and infrastructure.
- Knowledge of application security and secure coding practices.
The knowledge, experience and qualifications that will be good to have
- Certification in SABSA, NIST, COBIT or ISO27001
- Knowledge of Azure and Amazon Web Services Cloud technologies.
We're looking for the best, whoever they are
Schroders is an equal opportunities employer. You're welcome here whatever your sex, marital status, ethnic origin, sexual orientation, religious belief or age.