
Area Lead, IT Security Excellence

  • Posted 18 hours ago

Job Description

Position: Head, Group IT Security

Overall Responsibility

  • Set the overall direction by formulating and executing a comprehensive Group IT Security strategy for RHB Banking Group (including regional offices), ensuring a secure, resilient, and risk-minimised IT environment that supports business objectives and complies with all applicable regulatory, legal and industry requirements.
  • The role is accountable for Group-wide cyber security governance, technology controls, incident readiness, and security culture, while providing strategic advisory to the Board, senior management and regulators.

Key Responsibilities

2.1 Strategy, Governance & Leadership

  • Define, own and continuously evolve the Group IT Security strategy, roadmap, and target maturity model, aligned with business priorities and regulatory expectations
  • Provide independent, strategic IT security and risk advisory to the Group CTO, Senior Management, Board and relevant committees to enable informed risk-based decisions
  • Establish, maintain and enforce Group IT Security policies, standards, and frameworks, ensuring consistent adoption across Head Office and regional offices
  • Champion and cultivate a strong security and compliance culture across technology and business stakeholders

2.2 Risk Management & Regulatory Compliance

  • Ensure Group compliance with all applicable regulatory, statutory and supervisory requirements related to information security and technology risk
  • Oversee IT security risk identification, assessment, treatment, and reporting, ensuring clear visibility of residual risk to senior stakeholders
  • Act as the primary technology security liaison for regulators, auditors, and independent assessors, including audit issue remediation and closure

2.3 Cyber Security Operations & Incident Management

  • Provide executive oversight of cyber security operations, including threat monitoring, detection, hunting and response capabilities.
  • Serve as the primary control and escalation point for significant cyber and information security incidents, ensuring timely decision-making, communication, and recovery.
  • Ensure a robust, tested, and continuously improved Cyber Incident Response Plan, supported by 24x7 Security Operations Centre (SOC) capabilities

2.4 Security Architecture & Technology Controls

  • Ensure the design, implementation and effectiveness of defence-in-depth security controls across network, endpoint, application, identity and data layers.
  • Provide strategic oversight of security capabilities including (but not limited to):
    • Network and perimeter security (firewalls, IPS, WAF, NAC)
    • Endpoint and workload protection (EDR, XDR, anti-malware)
    • Identity and access management (IGA, SSO, PAM)
    • Data protection (DLP, encryption, MDM)
    • Threat detection and response platforms (SIEM, SOAR)
  • Act as the security gatekeeper for new systems and major changes, ensuring security-by-design through architecture review, assurance, and testing (VA/PT).

2.5 Regional & Group Oversight

  • Provide governance, oversight and assurance to ensure regional offices' security controls, operations, and maturity are aligned with Group standards and risk appetite.
  • Drive consistency while accommodating justified local regulatory or operational requirements.

2.6 Financial, Vendor & Talent Management

  • Accountable for IT Security budget planning and optimisation, ensuring effective use of CAPEX and OPEX to support strategic priorities.
  • Maintain strong relationships with security principals, vendors, and partners to stay abreast of emerging threats, technologies, and industry trends.
  • Lead resource planning, succession, and talent development, building a high-performing and future-ready IT Security organisation.

Key Interfaces

  • Board and Board Committees
  • Group CTO and Senior Management
  • CISO
  • Group Technology Leadership and Architecture Committees
  • Regulators, auditors and external assessors
  • Regional CIO / Technology Heads

Requirements (Qualification / Experience / Skills)

4.1 Education & Professional Certifications

  • Master's Degree or Bachelor's Degree in Computer Science, Information Technology, or related discipline
  • Professional certifications (mandatory / strongly preferred):
    • CISSP
    • CISM
    • CISA
    • ISMS / Information Security Management related certification

4.2 Experience

  • Minimum 10-15 years of IT / Information Security experience, preferably within the Financial Services Industry
  • At least 10 years in a senior leadership or management role overseeing enterprise-wide security functions
  • Proven experience engaging Boards, regulators, and senior executives on technology risk and cyber security matters

4.3 Skills & Competencies

  • Strong enterprise-level understanding of IT security, cyber risk, and regulatory compliance
  • Excellent leadership, stakeholder management, and communication skills
  • Strong analytical, decision-making, and problem-solving capabilities
  • Ability to balance security, compliance, and business enablement in a complex, regulated environment


Job ID: 144581067