Are you looking for a job at a US bank in Singapore right now? You stand a good chance of getting hired if you work in...cyber security. American banks are at the forefront of a new cyber security hiring drive in the Republic – one which is stretching the local talent pool to breaking point and forcing banks to boost pay, recruit from vendors, relocate overseas candidates, and retrain existing employees.
“While a lot of banks are expanding in cyber security in Singapore, the most specialised hiring is at JP Morgan, Citi and BAML. They have the best teams, with different specialisations around cyber security technologies, both on defence and intelligence,” says a Singapore-based cyber security expert who asked not to be named. Sought-after jobs include cyber security operations, risk, and threat intelligence, as well as roles in security engineering, data-leak protection, identity and access management, and policy management.
Cyber security jobs have become more in demand this year as banks expand their digital platforms while tackling the growing threat of attacks targeting Singapore. In July, the city state suffered its worst ever data breach, affecting the records of 1.5m hospital patients. Banks are also facing increasingly vigorous regulations, such as the Cybersecurity Act, which came into force in September as a new framework for monitoring and reporting threats. That same month, the Monetary Authority of Singapore proposed to make its existing set of six cyber security guidelines legally binding on financial institutions. “Banks are also self-regulating more – building additional layers of security to protect themselves from global threats,” says Clarence Quek, a strategic account director at recruiters Randstad.
Meanwhile, the threat to American banks in Singapore is often at a higher level than some of their rivals, says the industry expert. “There are generally more attacks on American banks compared to a local bank like OCBC, for example. Geo-political issues help define cyber security strategies, not just local regulations,” she adds. “US banks could be targeted here and globally from hackers located in, say, the Middle East or North Korea.”
The “big challenge” faced by all banks in Singapore is how to find enough people to fill their cyber security vacancies, says Pam Lim, an associate manager at recruiters Morgan McKinley. Until recently, Singapore’s universities were not producing many graduates who could slot into cyber security roles, and this has created a shortage of experienced talent now that the job market is booming.
Skill shortage are most severe for tech-based roles (including cloud security, penetration testing, DevSecOps, perimeter security, malware engineering, and security engineering) rather than governance ones, says April Jimenez, a senior consultant at recruiters Huxley. “Banks face challenges hiring senior cyber security experts who have both the technical skills and business acumen necessary to plan for threats unique to their business,” adds Quek. “The current small talent pool is usually either very technical or very business focused.”
Salaries in Singapore cyber security are, predictably, on the up. If you’re a cyber security technologist moving between banks, you should expect a healthy pay rise of between 15% and 20%, say recruiters. Senior cyber security engineers in specialist fields could even enjoy increases of 25% to 30%, adds Jimenez.
But banks in Singapore aren’t just filling their ranks by upping pay and poaching from rivals. They’re also encouraging staff from other functions, especially junior to mid-level infrastructure engineers, to move internally into cyber security roles, says Lim from Morgan McKinley. “Cyber security operations is the easiest route into cyber security, and it’s also the role most open to infra engineers,” adds Jimenez from Huxley.
Banks, especially US ones, are also taking on people from security software providers such as Kaspersky and FireEye. “They have the rigorous security engineering experience and can already think out of the box – as compared to ex-infrastructure engineers who need to be trained up,” says Jimenez.
Overseas hiring – especially from the US and UK, which have far larger cyber security talent pools – is taking place, but is restricted by the recent tightening up of Singapore’s Employment Pass rules. “Singapore-based banks will always try to hire locally first. But in the case of very niche roles which deal with the latest technology that doesn’t even exist in Singapore yet, they may look for global experts,” says Quek from Randstad.
Have a confidential story, tip, or comment you’d like to share? Contact: firstname.lastname@example.org
Image credit: zak00, Getty