The Senior Officer, Information Security & Infrastructure is responsible for supporting the development, implementation, and maintenance of the organization’s information security governance, risk management, and compliance framework. This role ensures the confidentiality, integrity, and availability of information assets in compliance with regulatory requirements and recognized industry standards. Develop, review, and maintain information security policies, procedures, and standards in line with organizational and regulatory requirements. Ensure compliance with applicable laws, regulations, and industry frameworks such as ISO 27001, NIST, and PCI DSS. Support the organization-wide implementation of information security controls and policies. Conduct periodic information security risk assessments and monitor risk mitigation plans. Perform internal security audits and compliance assessments, and track remediation actions. Support incident response activities, including investigation, containment, recovery, and reporting. Develop and deliver information security awareness and training programs. Coordinate with internal teams, vendors, and stakeholders on information security matters. Perform other duties as assigned by the Line Manager.
Design and build technical and functional system follow the Business Requirement. Transform the business requirement into technical solution design and system architecture design. Develop and build the system application following the bank policy and procedure. Develop new applications or make enhancements according to business needs. Utilize programming principles, tools, and techniques to write application codes. Plan, coordinate and execute development activities to ensure timely completion. Ensure development deliverables meet business requirements. Perform code reviews to identify basic technical and logical errors. Resolve application development issues in a timely manner. Adhere to the ASB’s policies and regulatory standards. Ensure the all documentation are in place including, source-code, solution design, trainings materials and so forth. Others assigned by Line Manager
Quarterly ID access review (communicate the list of user IDs to all departments, sections or units for review) Monthly user access review with HR Create, amend and revoke the user access ID from the system Transaction adjust/deletion from AFIS and CCI system Manage and support daily request/incident Communicate with end-user to understand their request Resend Billing to customers that haven’t received Reset password, un-lock user of AS400, CCI, AFIS, MonSys, AD, CRC and others. Resolve the known issues which always occur such as IP address, Office 365, Team, VPN, WebSite, Email Escalate the issues to relevant sections: system operation, system development, infrastructure and information security if required Answer phone and respond the email timely manner Share knowledge, assign tasks and support team Others assigned by Line Manager