Total 6 Legal / Public / Security job vacancies in City of London, London, EC2V 6DN

Are you passionate about offensive security, enjoy breaking down walls with an array of tools and techniques, and continuously learning about the offensive security world? We are seeking a dynamic Cyber & Offensive Security Risk Lead to join our Data, Technology & Cyber Risk function.

Job Description:

The Cyber & Offensive Security Risk Lead will assist the Chief Information Security Officer to establish and maintain robust governance and oversight over the effectiveness of cyber risk management to ensure that the Bank’s technology and information assets are adequately protected.

Primary Responsibilities:

• Assist with the development, review, update and/or roll-out of cyber risk-related framework, policy, and initiatives to facilitate effective risk management and governance over cyber risk management.
• Review and assess the extent of compliance with internal policies, procedures, standards and regulatory requirements.
• Provide advisory, guidance and challenge to Business Units and Functional Units in their management of cyber risks to achieve their business objectives and within the Bank’s risk appetite.
• Conduct independent assessments on the adequacy and effectiveness of control measures implemented by the 1st Line of Defense (FLOD), and recommend mitigation actions to address vulnerabilities, if any.
• Lead Red Team (offensive cyber) activities to proactively simulate real-world cyber-attacks on the Bank’s security controls to identify and exploit security weaknesses and vulnerabilities.
• Provide recommendations and remediation strategies to address security vulnerabilities identified during offensive cyber activities.
• Establish relevant Key Risk Indicators (KRIs) and metrics to monitor and measure cyber risk exposures.
• Prepare and present cyber risk reports to Senior Management and relevant committees, highlighting key findings, trends and/or recommendations.
• Respond to enquiries and audits (i.e. internal, external and regulatory) pertaining to cyber risks.
• Where required, collaborate with the Bank’s cyber incident response team to provide advice and/or support during security incidents and cyber-attacks.
• Conduct cyber risk awareness training across the Bank, fostering cyber risk awareness and a security-conscious culture.
• Stay abreast of emerging cyber threats, vulnerabilities, attack techniques, and regulatory developments to proactively address potential cyber risks, and assist the Management (and/or Board) understand potential concerns or risks that might impact the Bank.

Qualifications:

• Bachelor’s degree in computer science, Information Security or a related field.
• Minimum of 15 years’ experience in any of these disciplines: offensive security, information security, risk management or compliance in related areas.
• Professional certification such as CISSP, CCSP, CGRC, CISM, CISA, CRISC, CompTIA PenTest+, Offensive Security (e.g. OSCP, OSCE, OSWE & OSWP), SANS (e.g. GXPN, GWAPT, GPEN & GMOB), Zero-Point Security and/or CREST would be advantageous.
• Sound knowledge in regulatory requirements around technology risk and cyber resilience.
• Knowledge of network protocols, operating systems, application security and cloud security.
• Possess strong verbal and written communication skills, and capable of engaging senior stakeholders.
• Clear analytical thought process and good understanding of emerging technological developments and risk management frameworks.

Perks & Benefits

• Allowance (transportation, parking etc.)
• Nearby public transport
• Smart casual dress code
• Medical insurance
• Annual leave, Birthday Leave etc

REQUIREMENTS:

• Minimum Diploma/Degree in Accounting, LCCI or related qualification.
• Preferably with two(2) years working experience in accounting field.
• Ability to handle full set Accounts will be an added advantage.
• Proficiency in English, Bahasa Melayu and Chinese language.
• Proficient in MS Word and Excel.
• Knowledge of UBS accounting software and added advantage.

RESPONSIBILITIES:

• Manage data entry, report generation, payment reconciliation etc.
• Handle day-to-day finance & administrative matters and documentation.
• Assist and participate in account matters and yearly tax computation.
• Assist in ad-hoc tasks as and when needed.

Perks & Benefits

• Casual dress code
• Free snacks / Happy hours
• Paid training and development

REQUIREMENTS:

• Candidate must possess at least Degree in Accounting, Finance or Business or Professional Degree.
• Minimum 3 years of working experience in accounting and finance.
• Familiar with UBS/Accounting software an added advantage.
• Required skill(s): Microsoft Excel, Word & Accounting Software
• Only Malaysian candidate may apply.
• Able to converse in English, Malay and Chinese as needed to liaise with Chinese speaking associate.

RESPONSIBILITIES:

• Prepare full set accounts and analyzing financial reporting and cash flow forecast.
• Preparation of yearly Management Budget, Cash Flow Projection and review project feasibility study.
• Prepare and handle audits with Auditors.
• Assist in yearly tax computation and review estimated tax payable for submission to LHDN.
• Monitor daily operation works done by the Account Assistant.
• Assist in preparing ad-hoc reports as at when required.

Perks & Benefits

• Casual dress code
• Free snacks / Happy hours
• Paid training and development

要求：

• 候選人必須至少擁有會計、金融或商業學位或專業學位。
• 至少 3 年會計和財務工作經驗。
• 熟悉 UBS/會計軟體者優先。
• 所需技能： Microsoft Excel、Word 和會計軟體
• 只有馬來西亞候選人可以申請。
• 能夠根據需要用英語、馬來語和中文交談，以便與講中文的同事聯絡。

職責：

• 準備全套帳目並分析財務報告和現金流量預測。
• 編制年度管理預算、現金流量預測並審查專案可行性研究。
• 與審核員一起準備和處理審核。
• 協助計算年度稅款並審查提交給 LHDN 的預估應付稅款。
• 監控客戶助理的日常運作工作。
• 需要時協助準備臨時報告。

津貼和福利

• 休閒著裝要求
• 免費小吃/歡樂時光
• 有薪培訓和發展

要求：

• 最低會計文憑/學位、LCCI 或相關資格。
• 最好具有兩（2）年會計領域的工作經驗。
• 能夠處理全套帳戶將是一個額外的優勢。
• 精通英語、馬來語和華語。
• 精通 MS Word 和 Excel。
• 了解瑞銀會計軟體並增加優勢。

職責：

• 管理資料輸入、報表產生、付款對帳等。
• 處理日常財務和行政事務以及文件。
• 協助並參與帳戶事務和年度稅款計算。
• 在需要時協助執行臨時任務。

津貼和福利

• 休閒著裝要求
• 免費小吃/歡樂時光
• 有薪培訓和發展

責任

✍ 負責與網路安全要求和新興相關ICT技術相關的端到端整體解決方案和服務活動，以實現最佳水準的網路安全機密性、完整性和可用性標準。
✍ 負責網路安全指南、基準、標準和流程的持續維護、監控和更新。這包括預測成長以確保可擴展性，評估基準、觀察或其他行業最佳實踐帶來的增強價值，並在需要時納入變更。
✍ 負責建立和維護業務工作流程和技術的現況和未來安全流程和工作指導。
✍ 開發並推薦知識開發以及文件化實務和工程知識抵押品的創建。
✍ 技術專家提供全面的解決方案和工程，以建構技術解決方案的技術要求。
✍ 提供IT 解決方案工程和設計建議的IT 安全諮詢和審查服務，以確保解決方案符合IT 安全要求，從而保護客戶的IT 基礎設施和系統。
✍ 提供適用於各種開發技術的技術專業知識和諮詢。
✍ 負責為客戶的整個網路和系統基礎設施分析、評估和推薦最佳的資訊安全技術和解決方案。
✍ 負責從安全角度和角度進行符合客戶安全控制和基線的解決方案評估、POC、UAT。
✍ 就資訊安全問題提供建議和諮詢，並為各個內部團隊和部門提供建議。
✍ 對新出現的內部和外部威脅、技術趨勢和減輕 IT 安全風險的方向進行研究和環境掃描，並透過跨 IT 部門和職能部門的協作進行評估，以改善 IT 安全基礎設施和服務。
✍ 規劃、研究、分析、評估和推薦資訊安全技術解決方案、方向和採用。
✍ 研究和開發新的資訊安全技術以改善和創造商業機會。
✍ 與外部 IT 安全專家和其他 IT 組織建立和維護策略關係/網路和協作，以衡量和改善客戶向利害關係人提供的網路安全基礎設施服務。

要求

✍ 電腦科學、資訊系統、工程學、軟體工程或任何相關學科的學士學位。
✍ 在技術相關領域擁有約 8-10 年的經驗，並具有相關 IT 安全領域和工程的具體專業知識。
✍ 具有撰寫和支援策略性商業策略的經驗，並具有以業務為中心的心態。
✍ 清楚地了解如何根據特定的架構原則將安全架構和設計轉化為詳細的技術組件。
✍ 此角色需要掌握安全工程生命週期並了解企業安全架構環境。
✍ 網路安全治理、指南和風險以及網路安全解決方案領域的基礎知識。
✍ IT 網路的基礎知識以及對 OT 和物聯網架構和工程的更好理解。
✍ 具有強化練習和技術合規性保證練習的經驗。

工作亮點

✅ 僅限馬來西亞本地人。
✅ 每週工作 5 天，採用混合工作安排。
✅ 極佳的成長和職涯發展機會。
✅ 有競爭力的薪資待遇。
✅ 偉大的跨國公司（能源部門）工作文化。