The Security Innovation, Hygiene & Advisory role is pivotal in strengthening our organization’s overall security posture. This position focuses on driving security awareness, ensuring robust identity governance, and researching emerging security technologies that support our Cyber Centre of Excellence. The ideal candidate will blend technical expertise with strategic vision to advise senior leadership, develop effective security policies, and foster a culture of security hygiene across the organization.

Key Responsibilities

Security Strategy and Group Assessments

• Support regular group assessments to evaluate security risks, security maturity and compliance gaps across SCBX Group.

Policy, Procedures, Standards & Guidelines

• Support the development, review, and update of security policies, procedures, standards, and guidelines to ensure robust organizational controls.
• Regularly update documentation to reflect the evolving threat landscape and regulatory requirements.

Security Consultation

• Lead conversation with senior leadership across SCBX Group and provide value-added insights to delivered outcome.
• Develop a comprehensive proposal and project plan that secures buy-in from senior stakeholders, while establishing an effective delivery approach for the working group to ensure successful project delivery and valued outcomes.
• Embrace creative problem-solving and flexible approaches to navigate challenges, ensuring that critical outcomes are consistently achieved while effectively managing obstacles.
• Provide expert guidance and recommendations to internal and external stakeholders on the best security practices and solutions to address operational and compliance issues.
• Recommend improvements for security governance and operational resilience

Security Awareness & Training

· Develop and manage security e-learning programs, newsletters, and knowledge-sharing initiatives to enhance employee awareness.

· Conduct phishing drills and security simulations to assess and improve employee resilience against cyber threats.

· Design specialized training for executives and high-risk users to enhance their understanding of emerging threats and security best practices.

· Implement interactive learning methods such as gamification, security awareness series, real-world security challenges to encourage participation, on-site engagements to reinforce security culture.

Digital Identity

· Assist in Identity Governance & Administration (IGA) by supporting policy enforcement, identity lifecycle management, and compliance monitoring.

· Support Access Management by integrating authentication mechanisms such as SSO, MFA, and adaptive access controls into enterprise systems.

· Contribute to Role Management, ensuring structured RBAC/ABAC models and periodic access reviews.

· Help implement Privileged Access Management (PAM) controls, monitoring privileged user sessions, and enforcing security best practices.

· Assist in Identity Integration & Directory Services, ensuring seamless identity synchronization and federation across cloud and on-prem systems.

Security Innovation

· Research and evaluate emerging cybersecurity technologies, AI-driven security analytics, and automation tools, conducting PoCs to assess feasibility.

· Explore AI-driven security solutions for threat detection - prevention, and automated security operation to enhance cybersecurity resilience.

· Provide strategic insights to align security innovations with digital transformation, FinTech, and cloud security initiatives across subsidiaries.

· Partner with internal teams, vendors, and industry leaders to benchmark security advancements and drive innovation initiatives.

Qualifications

· Minimum of 5+ years in information security consultancy, with a proven track record in security assessment, identity & access and data security.

· Experience in conduct IAM solutions, including IGA, identity assessment – planning, access management, PAM, and identity integration within enterprise environments.

· Demonstrates a deep understanding of global security frameworks, such as NIST, ISO 27001/27002, PCI-DSS, BOT and CIS Controls.

· Extensive experience in conducting large-scale security assessments, performance measurements, risk management, and security strategy development that align with organizational objectives.

· Relevant certifications such as from identity products or equivalent are highly desirable.