Head, Group IT Security (Area Lead, IT Security Excellence)

  • Posted a day ago

Job Description

Position: Head, Group IT Security

Overall Responsibility:

  • Set the overall direction by formulating and executing a comprehensive Group IT Security strategy for RHB Banking Group (including regional offices), ensuring a secure, resilient, and risk‑minimised IT environment that supports business objectives and complies with all applicable regulatory, legal and industry requirements.
  • The role is accountable for Group‑wide cyber security governance, technology controls, incident readiness, and security culture, while providing strategic advisory to the Board, senior management and regulators.

Key Responsibilities:

Strategy, Governance & Leadership

  • Define, own and continuously evolve the Group IT Security strategy, roadmap, and target maturity model, aligned with business priorities and regulatory expectations
  • Provide independent, strategic IT security and risk advisory to the Group CTO, Senior Management, Board and relevant committees to enable informed risk‑based decisions
  • Establish, maintain and enforce Group IT Security policies, standards, and frameworks, ensuring consistent adoption across Head Office and regional offices
  • Champion and cultivate a strong security and compliance culture across technology and business stakeholders

Risk Management & Regulatory Compliance

  • Ensure Group compliance with all applicable regulatory, statutory and supervisory requirements related to information security and technology risk
  • Oversee IT security risk identification, assessment, treatment, and reporting, ensuring clear visibility of residual risk to senior stakeholders
  • Act as the primary technology security liaison for regulators, auditors, and independent assessors, including audit issue remediation and closure

Cyber Security Operations & Incident Management

  • Provide executive oversight of cyber security operations, including threat monitoring, detection, hunting and response capabilities.
  • Serve as the primary control and escalation point for significant cyber and information security incidents, ensuring timely decision‑making, communication, and recovery.
  • Ensure a robust, tested, and continuously improved Cyber Incident Response Plan, supported by 24x7 Security Operations Centre (SOC) capabilities

Security Architecture & Technology Controls

  • Ensure the design, implementation and effectiveness of defence‑in‑depth security controls across network, endpoint, application, identity and data layers.
  • Provide strategic oversight of security capabilities including (but not limited to):
      • Network and perimeter security (firewalls, IPS, WAF, NAC)
      • Endpoint and workload protection (EDR, XDR, anti‑malware)
      • Identity and access management (IGA, SSO, PAM)
      • Data protection (DLP, encryption, MDM)
      • Threat detection and response platforms (SIEM, SOAR)
  • Act as the security gatekeeper for new systems and major changes, ensuring security‑by‑design through architecture review, assurance, and testing (VA/PT)

Regional & Group Oversight

  • Provide governance, oversight and assurance to ensure regional offices' security controls, operations, and maturity are aligned with Group standards and risk appetite.
  • Drive consistency while accommodating justified local regulatory or operational requirements.

Financial, Vendor & Talent Management

  • Accountable for IT Security budget planning and optimisation, ensuring effective use of CAPEX and OPEX to support strategic priorities.
  • Maintain strong relationships with security principals, vendors, and partners to stay abreast of emerging threats, technologies, and industry trends.
  • Lead resource planning, succession, and talent development, building a high‑performing and future‑ready IT Security organisation.

Key Interfaces

  • Board and Board Committees
  • Group CTO and Senior Management
  • CISO
  • Group Technology Leadership and Architecture Committees
  • Regulators, auditors and external assessors
  • Regional CIO / Technology Heads

Requirements (Qualification / Experience / Skills)

Education & Professional Certifications

  • Master's Degree or Bachelor's Degree in Computer Science, Information Technology, or related discipline
  • Professional certifications (mandatory / strongly preferred):
      • CISSP
      • CISM
      • CISA
      • ISMS / Information Security Management related certification

Experience

  • Minimum 10 – 15 years of IT / Information Security experience, preferably within the Financial Services Industry
  • At least 10 years in a senior leadership or management role overseeing enterprise‑wide security functions
  • Proven experience engaging Boards, regulators, and senior executives on technology risk and cyber security matters

Skills & Competencies

  • Strong enterprise‑level understanding of IT security, cyber risk, and regulatory compliance
  • Excellent leadership, stakeholder management, and communication skills
  • Strong analytical, decision‑making, and problem‑solving capabilities
  • Ability to balance security, compliance, and business enablement in a complex, regulated environment

Job ID: 147059135
