Perform system administration related duties including advise, analyze, plan, implement, maintain, support (and retire/refresh where required) all locally hosted (On premise, Cloud) infra components required to run Singapore operations:
Common to all Senior Open Systems Engineer
- Maintain and ensure infra components running in production are in a healthy state;
- Analyze and recommend new infra component acquisitions to meet evolving Singapore Operation’s needs;
- Ensure IT is operated in a manner that complies with Bank Policies and frameworks, standards, circulars, guidelines and MAS regulated act, notices, circulars, and guidelines applicable to technology (Compliance, Audit, Risk Adherence). – Infra components
- Ensure IT assets are protected and secure – Infra components
- Assist in annual budgeting – Infra components
- Be a key stakeholder and technology partner on the bank Digital journey.
- Foster and champion bank PRIDE values within the technology department and imbue the department with a culture of teamwork, innovation, discipline, resiliency and dedication to how work is approached.
- Provide day-to-day support for infra components
- Participate in the setup of test environments to ensure business can do their enhancements and new projects testing for assign applications.
Specific to Senior Open Systems Engineer
Senior Open Systems Engineers are assigned to specialize in one of the following groupings:
- HW, OS, and Core Infra: Infra on premise hardware located in the data centers, server operating systems (Linux, Windows), Storage/SAN, VMware virtualization, Backup and archiving, AD/LDAP domain administration, DNS, MDM/BYOB, SCCM, Linux patch mgr, Endpoints
- Middleware, DB: Middleware (IBM HQ, Oracle Weblogic, Redhat JBOSS, ICBA JHIT), DB (SQL Server, Oracle RDBMS, MySQL, PostgreSQL, AWS Dynamo DB, AWS RDS / Aurora, AWS Redshift, MongoDB)
Strategy, Planning, Mgmt. Reporting
- Provide expert advice and support to technology management in the area of expertise
- Contribute in the formulation a comprehensive Branch IT strategy covering IT policies and procedures, security, architecture, business solutions and operational functional requirements
- Keep abreast of developments and innovations in the FI IT landscape
- Provide mentorship, support and guidance to colleagues, share information and facilitate problem solving
- Contribute in the yearly budgeting for IT expenditures and investments.
- Ensure infra components system health
- Ensure prompt and efficient provision of IT support based on assigned area of expertise (includes request from Data center operations team)
- Oversee contingency plans and ensure their adequacy
- Ensure IT assets are protected and secure
- Maintain and ensure timely renewal of digital certificates and proper lodgment with IT security team.
- Ensure IT operations run in a manner consistent with high score from audit, risk, compliance assessments. The following to be operationalized as standard procedure against all IT asset components:
- Administrative Accounts – All admin accounts lodged into PAM solution per group IT Security guidelines and MAS notice 655 point 4.1
- Patching – Patch notification process established with vendors and patch calendar updated, upon patch release assessment and implementation as needed Per patching guidelines and MAS notice 655 point 4.2
- Hardening - Per component definition and enforcement against SG security standard and Group IT Security guidelines and SG addendum/s and MAS notice 655 point 4.3
- Network Perimeter Defense – Network traffic and segments, firewalls, proxies, dns, vpn access setup in secure manner per group IT security guidelines and MAS notice 655 4.4
- Malware – IT Security consulted and all required IT security protections installed on IT assets per MAS notice 655 point 4.5
- Multi-factor Authentication – MFA, where applicable implement MFA of administrative and internet accounts with access to customer information using PAM per MAS notice 655 point 4.6
- Logging and Monitoring – Security, Capacity, Downtime, Audit
- Capacity Mgmt. – Pre-emptive monitoring (via monitoring), planning and execution of capacity upgrades as needed
- EOL/EOS Upgrades – Per group guidelines. Track and execute upgrades and/or do risk assessment and deviation approval.
- Housekeeping – scripted clean-ups and truncations of logs and temp files after necessary archives executed
- Backups – Required backup strategy per backup guidelines operationalized to central Backup Platform. Recurring scheduled backup validation activities scheduled and performed ongoing to ensure backups working per need.
- Work with system stakeholders to ensure proper classification of system criticality and ensure design and architecture can meet the assessed criticality needs:
- MAS 644 defined Critical system – Ensure DR setup and working and can achieve RTO within 4 hours, RPO within 2 hours and maximum unplanned downtime of not more than 4 hours per rolling 12 months;
- MAS 644 defined non-critical system – Ensure HA/DR per stakeholder requirement.
- BCM related activity planning and execution
- Review and Approve/Reject production change requests as part of TCAB committee
- Raise CAB CR as necessary
- Cutover related planning and execution
- Ensure and maintain adequate test environments in good working order to support enhancements and new projects;
- Track IT related spend against budget.
- Write Memos to authorize procurements
- Write Memos to get deviation approvals where required.
Application and Systems Development / New Platform Acquisition
- Work with project and application teams to provide infra component provisioning to support the projects
- Assist in the migration of applications to run on Cloud for existing systems based on end-user needs and business rationale.
- Assist team lead to write and table committee papers as required to get new systems and/or platforms, or major refreshes approved.
- Initiate and lead IT Infra related projects.
- Write Memos to authorize procurements
- Write Memos to get deviation approvals where required
- Work with Digital Delivery and DevOps team to support migration of workloads running on-premises to Cloud.
Regulatory and Procedural Expertise
- Keep up to date and refreshed on required reading related to guiding how IT must be run in a regulated Financial institution. Minimum read list:
- MAS Technology Risk Management Guidelines (TRMG)
- MAS Notice 644 – Technology Risk Management.
- MAS Notice 655 – Cyber Hygiene
- MAS Outsourcing Guidelines
- RHB Group IT Security Guidelines and SG addendum/s
- SG Patching Guidelines
- SG Backup Guidelines
- SG Technology Department Operational Manual (OM)
- SG IT Standard Operational Procedures (SOP), and System Manuals (SM)
- SG Procurement Operational Manual (OM)
- Participate in Monthly Technology Department meetings.
- Participate in regular Team meeting.
- Use Department issue and work tracking platform.
- Maintain and keep up to date team knowledge base and assist in updating team document assets such as system manual / standard operating procedures (SOP), and operations manuals
- Bachelor Degree/Masters Qualification
- ITIL related certification
- Microsoft certifications
- Redhat certifications
- Oracle certifications
- AWS certifications
Preferred level of Experience (by years/function/industry):
- Minimum 10 years of experience as an infra specialist working at an established financial services institution based out of Singapore or Malaysia.
- Minimum of 5 years of experience specifically focused on Middleware and DBs, or HW, OS and Core infra depending on focus being applied.
- Experience managing vendors
Other skills required:
- Strong project management, communication and documentation skills, well organized, customer focus and reliable
- Ability to manage outsourcing SLA and relationships
- Familiarity with AWS or other CSP cloud platforms.
Specific for HW, OS, Core Infra:
- Strong domain knowledge in Open systems OS (Linux, Windows)
- Avamar data domain, VMWare vsphere, NSX, vSAN), AWS, DNS, Active Directory / LDAP Mgmt, System monitoring, MDM – Airwatch or Mobile Iron)
Specific for Middleware, DB:
- Knowledge in DB system admin (Oracle, MS SQL Server, MySQL, PostgreSQL, AWS Dynamo DB, AWS RDS / Aurora, AWS Redshift, MongoDB), Middleware system admin (Weblogic, JBoss, IBM MQ),