Head of Threat, Vulnerability and SOC

Position: Head of Threat, Vulnerability and SOC

Location: Kuala Lumpur

Duration: Permanent

Position Overview

The Vice President Threat Management, Vulnerability Management, and SOC is

responsible for leading the bank's cybersecurity defense operations, overseeing the end-to-

end lifecycle of threat detection, prevention, and response. This role involves managing the

Security Operations Center (SOC), vulnerability management programs, and advanced threat

management capabilities to safeguard the bank's systems, data, and customers.

The ideal candidate will bring strong technical leadership, regulatory awareness, and

experience in building resilient cyber defense strategies. While banking sector experience is

preferred, candidates from other regulated industries with strong cybersecurity leadership

backgrounds will be considered.

Key Responsibilities

Threat Management

Lead the threat intelligence program to identify, analyze, and mitigate cyber threats targeting the bank.

Establish processes to assess emerging threats and provide actionable intelligence to business and technology teams.

Develop proactive measures to prevent, detect, and respond to advanced cyberattacks.

Vulnerability Management

Oversee enterprise-wide vulnerability assessment, scanning, and remediation processes.

Collaborate with IT and application teams to ensure timely remediation of critical vulnerabilities.

Develop a risk-based prioritization model for vulnerability patching and mitigation.

Report on vulnerability trends, metrics, and compliance to senior management and regulators.

Security Operations Center (SOC) Leadership

Lead the 24x7 SOC operations, including incident detection, triage, response, and recovery.

Establish incident response playbooks, escalation procedures, and forensic investigation practices.

Ensure SOC analysts have the tools, training, and resources to perform effectively.

Drive automation and orchestration initiatives to improve SOC efficiency and reduce response times.

Governance, Risk & Compliance

Ensure compliance with relevant banking and regulatory requirements (guidelines, PCI DSS, ISO 27001, NIST, MAS TRM, GDPR as applicable).

Act as a key point of contact with regulators, auditors, and internal stakeholders on threat and vulnerability anagement.

Develop reporting dashboards for executives and board-level committees on security posture.

Leadership & Strategy

Provide strategic direction for cybersecurity operations aligned with the bank's overall risk management framework.

Build and mentor a high-performing cyber defense team.

Partner with IT, Risk, Audit, and Business stakeholders to embed security into the

organization's culture.

Keep abreast of the latest threats, technologies, and best practices in cybersecurity.

Qualifications & Experience

Education:

Bachelor's degree in Computer Science, Information Security, Engineering, or related field.

Master's degree or MBA is a plus.

Certifications (preferred):

CISSP, CISM, CISA

GIAC (GCIH, GCIA, GMON, GRID, or similar)

CEH, OSCP, or equivalent technical certifications

Cloud Security (CCSP, AWS Security Specialty, Azure Security Engineer) is an advantage.

Experience:

1215 years of overall cybersecurity experience, with at least 5 years in a leadership role.

Experience managing SOC operations, incident response, and threat intelligence.

Proven expertise in vulnerability management and remediation.

Banking or financial services background strongly preferred but not mandatory.

Demonstrated ability to engage with regulators, auditors, and executive stakeholders.

Strong knowledge of cybersecurity frameworks (NIST CSF, MITRE ATT&CK, ISO 27001).

Key Competencies

Strong leadership and people management skills.

Excellent analytical and problem-solving abilities.

Ability to communicate complex technical issues to senior management and board members.

Risk-based decision-making mindset.