As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.
Today, we’re on a journey of transformation, leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia’s leading financial services partner for a sustainable future.
We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.
Your Opportunity Starts Here.
Make your mark securing OCBC
Join the Technology Information Security Office (TISO) to strengthen our cyber resilience by driving a risk‑based Vulnerability Management (VM) programme across infrastructure, applications and third‑party ecosystems. You’ll coordinate enterprise testing activities, prioritise remediation, and provide executives with the insight to make faster, better risk decisions.
Key Responsibilities:
Plan & Govern
Coordinate and manage the Bank’s annual offensive‑security activities—including Penetration Testing (PT), Bug Bounty and Red Teaming—across in‑scope business units and platforms.
Issue testing notifications and communications to the right stakeholders (e.g., IT Custodians, TCC and CSOC) for production/DR testing to ensure safe, well‑governed execution.
Maintain policy, standards and runbooks for vulnerability identification, validation, exception handling and risk acceptance.
Assess & Prioritise
Run and mature an enterprise VM cadence (scanning, validation, severity/risk scoring), leveraging risk‑based prioritisation (e.g., asset criticality, exploitability, threat intel) to focus on what matters most.
Track and monitor the bank’s external security posture via approved external risk monitoring vendors and translate findings into clear action plans.
Remediate & Report
Disseminate vulnerability and testing findings to owners; chase to closure against defined SLAs and escalate material risks with data‑driven rationale.
Drive fix‑verification (retest), exceptions governance, and trend analytics (e.g., MTTR, recurring findings, patch compliance) for continuous improvement.
Collaborate & Communicate
Partner with platform teams, application owners, CSOC and risk/compliance on remediation strategies and compensating controls.
Prepare concise dashboards and executive updates for management and risk committees, brief on notable threats, exposures and residual risk.
Key Qualifications:
Degree in Computer Science, Information Security, or related field; CISSP or equivalent professional certification.
Experience: Manager (3–5 years); Assistant Vice President (5–8 years) in relevant IT/cybersecurity functions (vulnerability management, penetration testing coordination, or security engineering).
Hands‑on experience running or coordinating enterprise VM cycles (discovery → assessment → remediation → verification) and working with engineering teams to close findings.
Strong understanding of infrastructure and application vulnerabilities, common misconfigurations, and patch/upgrade workflows across Windows/Linux, network, middleware, and cloud.
Clear communicator—able to turn technical findings into business‑impact narratives and influence outcomes across multiple stakeholders.
Familiarity with VM and attack‑surface tools and concepts (e.g., scanner platforms, EASM, exploitability signals) and CI/CD or cloud change pipelines.
Exposure to offensive‑security activities (PT, red teaming, bug bounty triage) and coordinating safe‑to‑test controls.
Security certifications such as OSCP, GPEN, GWAPT, GCSA, CEH or equivalent.
Scripting skills (Python/PowerShell) for automation and reporting.
Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.
What We Do
OCBC is the longest established Singapore bank, formed in 1932 from the merger of three local banks, the oldest of which was founded in 1912. It is now the second largest financial services group in Southeast Asia by assets and one of the world’s most highly-rated banks, with an Aa1 rating from Moody’s. Recognised for its financial strength and stability, OCBC is consistently ranked among the World’s Top 50 Safest Banks by Global Finance and has been named Best Managed Bank in Singapore by The Asian Banker. OCBC and its subsidiaries offer a broad array of commercial banking, specialist financial and wealth management services, ranging from consumer, corporate, investment, private and transaction banking to treasury, insurance, asset management and stockbroking services. OCBC’s key markets are Singapore, Malaysia, Indonesia and Greater China. It has more than 570 branches and representative offices in 19 countries and regions. These include about 300 branches and offices in Indonesia under subsidiary Bank OCBC NISP, and over 90 branches and offices in Mainland China, Hong Kong SAR and Macau SAR under OCBC Wing Hang. OCBC’s private banking services are provided by its wholly-owned subsidiary Bank of Singapore, which operates on a unique open-architecture product platform to source best-in-class products to meet its clients’ goals. OCBC’s insurance subsidiary, Great Eastern Holdings, is the oldest and most established life insurance group in Singapore and Malaysia. Its asset management subsidiary, Lion Global Investors, is one of the largest private sector asset management companies in Southeast Asia.






