VP/AVP, Cyber & Information Security Risk Management
- Support the Head, Group Technology & Cyber Risk Management / CISO in providing the 2nd line of defense roles for cyber and information security risk management across all regional offices as well as entities within the Group.
- Collaborate with Group Technology Services in assessing and mitigating cyber and information security risks to protect the Confidentiality, Integrity and Availability of IT services (IT services categorized as “critical”).
- Collaborate with Business Users in the assessment of cyber and information security related risks prior to the rolling out of new products or services.
- Recommend suitable approaches in the management of cyber and information security risks across the Group to minimize financial and / or reputational impact.
- Constructively challenge the applicability and effectiveness of vulnerability assessment and penetration testing performed by Group Technology Services.
Key Responsibilities:
- Support the development, review, update and roll-out of Information Security frameworks and policies to provide for an effective governance in the operation of Information Security.
- Establish standards and support the management of cyber and information security controls to protect the Group from emerging cyber threats.
- Plan, direct and schedule the independent assessment on the adequacy of controls implemented by Group Technology Services and recommend suitable countermeasures to address cyber and information security risks where applicable to be in line with the Group’s risk appetite.
- Validate and constructively challenge the submission of risk tools by Group Technology Services that cover self-assessment, early warning of changes to risk landscape and the approach in testing the controls.
- Validate that existing defined security control structures and the granting of access privileges are in line with the Group’s confidentiality requirements.
- Constructively challenge the scope defined for vulnerability testing e.g. vulnerability assessment and PEN Test conducted.
Job Requirements:
- Bachelor's Degree - Any related field(s).
- (ISC)² Certified Information System Security Professional (CISSP); or
- (ISC)² Certified Cloud Security Professional (CCSP); or
- ISACA Certified Risk and Information Systems Control (CRISC); or
- ISACA Certified Governance of Enterprise IT (CGEIT); or
- ISACA Certified Information Security Manager (CISM); and
- Minimum of 15 years' experience in Technology Risk or Information Security Management at supervisory level at an established financial services institution.
- Extensive knowledge of IT risk management methodology and implementation / application for a holistic risk management framework.
- Familiar with cyber and information security risk requirements as required by respective regulators within the countries where the Group operates.
**Only shortlisted candidates will be notified**