Alliance Bank Malaysia Berhad

Head of Cybersecurity

This job is no longer accepting applications

  • Posted 6 months ago

Job Description

Key Responsibilities:

Cyber Security Strategy Development:

  • Develop, define and implement a holistic and comprehensive cybersecurity and information security strategy that is aligned with the business objectives.
  • Lead and manage enterprise-wide cybersecurity programmes, ensuring resilience against cyber threats.
  • Conduct maturity assessments and develop roadmaps for long-term cyber resilience.

Organisational Transformation:

  • Lead initiatives to embed security within business processes, fostering a culture of security.
  • Develop and deliver change management programs to enhance security awareness and capabilities.

Security Operations, Engineering & Incident Response

  • Oversee security operations centers (SOC) and ensure effective monitoring and response to cyber threats.
  • Lead incident response teams to manage and contain security breaches or cyberattacks.
  • Establish and test incident response plans, ensuring rapid recovery from cyber incidents.
  • Ensure security controls (firewalls, encryption, authentication systems) are effectively deployed.
  • Evaluate & approve new solutions & vendors from a security perspective
  • Drive incident response planning, including tabletop exercises and post-incident reviews for the Bank.

Governance, Risk, and Compliance (GRC):

  • Design and implement GRC frameworks to ensure compliance with industry regulations and standards (ISO 27001, NIST, GDPR, etc.).
  • Define and enforce enterprise-wide cybersecurity policies, standards, and best practices, and implement security governance frameworks to drive accountability and compliance.
  • Conduct audits and gap analyses, report cybersecurity risks, incidents, and mitigation strategies to the Board and ManCo by providing actionable insights to enhance governance practices.

Risk Assessment and Vulnerability Management:

  • Identify, assess, and mitigate cyber risks across the Bank and provide recommendations on risk mitigation and acceptance, balancing security with business needs.
  • Provide oversight on vulnerability assessments and penetration testing to identify security weaknesses.
  • Collaborate with technical teams to remediate identified vulnerabilities and enhance security posture.
  • Stay ahead of cybersecurity trends, threats, and technological advancements, to drive continuous improvements in security architecture and infrastructure.

Vendor & Third-Party Risk Management

  • Assess and manage cybersecurity risks associated with third-party vendors and service providers to ensure vendor contracts include appropriate security requirements and compliance standards.
  • Conduct third-party security audits to ensure vendors adhere to the Bank's security standards.

Awareness, Training and Advisory:

  • Serve as a trusted advisor to the Bank by providing strategic guidance on emerging risks, threats and technologies.
  • Deliver high-quality reports, presentations, and workshops tailored to the Bank's requirements.
  • Foster a culture of security across the Bank by leading the cybersecurity awareness and training programmes for employees and Board.

Job Requirements:

Skills

  • Excellent communication and stakeholder management skills
  • Strong analytical and problem-solving skills
  • Proficient with security tools, e.g. firewall, SIEM, etc.

Knowledge

  • Degree in Cybersecurity, Information Technology, or a related field. Post graduate qualifications preferred.
  • Professional certifications such as CISSP, CCISO, CISM, CISA, or CRISC are highly desirable.
  • Strong understanding of cybersecurity frameworks, standards, and best practices.
  • Knowledge of regulatory compliance (e.g. Bank Negara) in the financial sector
  • Knowledge of cloud security, threat intelligence, and emerging technologies

Experience

  • 15+ years of experience in cybersecurity consulting, with a focus on strategy, GRC, and risk management.
  • Proven experience in organisational transformation and change management.
  • Experience with security automation and implementation of advanced security tools.

Job ID: 113439385