As an IT Officer (Security Governance and Architecture), you will oversee the cybersecurity safeguards throughout the system development life cycle (SDLC) for ADB's IT systems and services. You will work closely with other teams in ITD and business users of ADB's systems to ensure they understand the security requirements and enforce the agreed security controls.
Responsibilities:
Facilitate the end-to-end security clearance process for new solution deployments and IT projects by working closely with project/deployment teams to understand the security architecture, draft the security clearance checklist by identifying applicable security controls based on the nature of the IT project/solution and guide on how to fulfill these requirements.
Oversee the end-to-end security testing process for ADB's business applications and underlying infrastructure to ensure that security findings are addressed, well-documented, and remediated.
Assess the day-to-day IT change requests (e.g. system enhancements) and ad-hoc consultations from ITD teams and advise applicable security requirements.
Work closely with project/deployment teams, change administrators, and other relevant teams to guide compliance with security requirements.
Work closely with ITD risk focal and action owners to monitor the closure of operational risks identified (e.g., due to non-compliance with security requirements).
Operate security tools/platforms (e.g. web application firewalls) and assist in the enhancement/replacement of these tools.
Prepare technical evaluation criteria for evaluating security solutions and facilitate request for proposals and proof-of-concept tests.
Support the cyber security due diligence process of third-party technology solution/service providers.
Develop, update, or revise cybersecurity architecture standards, guardrails, and processes.
Develop security training materials, such as presentations and handouts.
Identify opportunities to improve or strengthen security controls or processes in own areas of work.
Assist in conducting risk assessments from a security architecture perspective.
Take up other duties and tasks as assigned.
Requirements:
Bachelor's degree in any IT-related domains, such as Information Systems Management, Information Security, or Computer Science preferably with advance training.
At least 8 years relevant work experience in IT Security. Relevant certifications in IT security / governance such as CISSP, CISA, CISM, GSEC are highly favored.
Knowledge in cybersecurity and IT governance frameworks and standards such as NIST CSF, SWIFT CSCF, CIS, COBIT, ITIL, and ISO 27000 series. Actual experience in their implementation and operation is an advantage.
Fundamental knowledge of cloud computing technologies, such as Microsoft Azure, Amazon Web Services. Relevant experiences and / or certifications are an advantage.
Basic knowledge about penetration testing methodologies, tools and findings (such as those from OWASP). Actual experience and / or certifications (such as those from Offensive Security or GIAC) are an advantage.
Demonstrated critical thinking skills to perform security analysis needed in the design, review, or assessment of system architecture, application functions and IT infrastructure.
Strong communication and interpersonal skills and ability to operate in a matrixed environment, and the ability to articulate / present ideas in a verbal or written context.
High attention to details and a methodical approach to daily tasks.
Proficiency in productivity tools like Microsoft 365, Power Platform.
