• Provide advice on the risk, secur

• Provide advice on the risk, security implication and mitigation control on the running IT applications and related IT processes within the context of any compliance undertaking, to ensure that running IT application and related processes are managed with appropriate approved security controls consummate with the business risk. Work with all relevant areas to carry out comprehensive risk assessment for identifying potential and actual risks to security and privacy of information.
• Participate in Security Testing for the bank’s critical applications. This is to identify vulnerabilities and provide preventive and corrective solutions to related parties.
• Participate in the project to perform enterprise control self assessment (CSA) in IT security and implement IT security training program to promote security awareness and close the gap identified from CSA.
• Participate in security of source code review for the bank’s critical applications to identify the vulnerabilities at the source code level.
• Involve in the project life cycle from requirements, analysis, development, migration, testing, training and implementation through post-implementation and provide advice and implementation of security issues arising from the use, development, and implementation of information system. Involve in the implementation, tailoring and ongoing maintenance of security products.
• Lead in the implementation of security related projects driven by business units, internal IT, regulatory and by HO requirements.
• Remain informed on trends and issues in the security industry, including current and emerging technologies and process. Maintain awareness of changes in security risks, security measures, and computer system.
• Initiate and facilitate continuous work improvements.
• Perform other duties as assigned with accuracy and effectiveness. Investigate Audit