

Manager, VAPT

5-8 Years
  • Posted 12 hours ago

Job Description

If you are looking to excel and make a difference, take a closer look at us.

Overview:

  • The Manager, VAPT is responsible for the strategic leadership and operational execution of the bank's offensive security program. Your mandate is to proactively identify, challenge, and eliminate security weaknesses across the entire Group's digital landscape. You will govern a comprehensive testing regime that includes automated vulnerability scanning, advanced manual penetration testing, and red-team exercises that simulate real-world cyberattacks against our critical banking infrastructure and financial applications.

  • This leadership role demands the translation of technical vulnerabilities into actionable business risks. You will ensure that all testing activities align with strict regulatory mandates, such as BNM RMiT, and internal security frameworks. You are the primary guardian of the bank's attack surface, ensuring that new products, cloud migrations, and third-party integrations are rigorously battle-tested before they reach production.

  • You will act as a crucial partner to the Security Engineering and App Security teams, driving the remediation lifecycle to ensure that discovered gaps are closed with speed and precision. By embedding security testing in the SDLC (CI/CD pipelines), you will foster a Shift Left culture that identifies flaws early, protecting the bank's reputation and securing our market standing as a resilient, global financial institution.

Responsibilities:

  • Vulnerability & Testing Management: Lead end-to-end scanning and penetration testing (web, mobile, network) across the Group, prioritizing high-risk findings for remediation.

  • Regulatory & Audit Lead: Primary Group representative for all audit reviews, mapping results to BNM RMiT and PCI-DSS compliance frameworks.

  • Remediation Validation: Monitor and validate security gap closures to ensure compliance with Group SLAs and regulatory mandates.

  • Executive Reporting: Compile and present risk-based findings and remediation progress to senior management and IT Security Committees.

  • Vendor & Budget Oversight: Manage third-party security providers for mandatory assessments (Annual Pentests, PCI ASV) and oversee software licensing budgets.

  • Change & Incident Support: Conduct impact assessments on system changes and provide offensive expertise during incident investigations to identify entry points.

  • Tooling Optimization: Deploy and tune Group VAPT tools (DAST, SAST, IAST) and automate attack surface management.

  • Strategy & QA Leadership: Drive the long-term Group VAPT vision and conduct final quality reviews on all internal/vendor reports to ensure technical depth and actionable remediation.

  • Attack Surface Design: Identify security blind spots in complex architectures and translate them into robust, Group-wide testing scenarios.

  • Technical Advisory: Provide expert counsel on infrastructure flaws (Firewalls, WAF, Cloud) and evaluate the efficacy of regional defensive controls.

  • SDLC Integration: Embed automated security gates and risk-based testing within Group CI/CD pipelines to enable Shift-Left security.

  • Exploit & Mitigation Analysis: Explain complex exploit chains to application owners and provide durable mitigation strategies (root-cause fixes rather than point patches) to prevent external breaches.

  • Emerging Threat Research: Evaluate new exploitation techniques (e.g., AI-driven attacks) and recommend defensive shifts to maintain Group resilience.

  • Governance & Blueprints: Endorse technical remediation designs and produce offensive security blueprints for the ARB and regional governance forums.

  • Strategic Governance: Partner with architects and DevOps to validate security by design across regional products, maintaining all VAPT policies and playbooks.

  • Regulatory & SME Advisory: Act as SME for business units on risk and scope, ensuring BNM RMiT compliance through global offensive security standards.

  • Team & Performance: Mentor ethical hackers, managing technical growth and performance to ensure operational consistency group-wide.

  • Stakeholder Alignment: Manage relationships with the CITO, CISO, and Cyber Defense to align testing with Group Technology strategy.

  • Risk Accountability: Own the Group's technical risk assessment, prioritizing remediation across all regional offices and platforms.

Skills and Experience We Are Looking For:

  • Bachelor's Degree in Cybersecurity, Computer Science, Information Technology, or a related field.

  • Must possess at least one of the following: OSCP, CISSP, CISM, CISA, GPEN, or an equivalent industry-recognized security certification.

  • 5-8 years of experience in Cybersecurity, specifically in Vulnerability Management or Penetration Testing.

  • Deep expertise in BNM RMiT (Risk Management in Technology) and PCI-DSS 4.0 standards.

  • Must have a strong understanding of industry-standard penetration testing methodologies, including OSSTMM, the OWASP Testing Guide, PTES and others.

  • Must have hands-on experience managing and configuring VA tools such as Tenable (Nessus), Rapid7 InsightVM, Qualys and others.

  • Experience managing vulnerability lifecycles within enterprise platforms such as ServiceNow, Jira or IBM OpenPages.

Special Skills

  • Proficiency in Python specifically for developing custom scripts to automate report generation or tool-to-tool API integrations.

  • Expertise in manual exploitation techniques for web applications, including deep-dive testing for complex business logic flaws, API security, and session management vulnerabilities.

  • Expertise in manual security assessments for Mobile Applications (iOS/Android), focusing on binary analysis and secure data storage.

  • Experience in overseeing Red Team or adversarial simulation exercises to validate the effectiveness of the bank's security controls.

  • Ability to communicate complex security concepts to non-technical stakeholders.

  • Leadership and collaboration with cross-functional teams.

  • Experience in developing and influencing strategic working relationships with key technology suppliers.

  • Experience in managing high performing teams and empowering them to deliver against the agreed strategy and roadmap.

  • Experience in establishing and monitoring governance (accountability, engagement, KPI metrics, etc.) and in planning and controlling budgets.

Certification/Licensing Requirement

  • CISSP, CCSP, or equivalent would be an added advantage.

  • Expertise in cloud security (AWS, Azure, GCP) and on-prem security controls.

For more job opportunities, please go to HLB Careers:


Job ID: 143361217
