
Hong Leong Bank

Security Governance Executive

5-7 Years
  • Posted 3 hours ago

Job Description

If you are looking to excel and make a difference, take a closer look at us.

Overview:

As a member of HLB's Security Governance team, you will provide strategic oversight of the Information Security Management System (ISMS), managing the full lifecycle of security policies and standards. By embedding Security-by-Design into the bank's digital evolution, you ensure that cloud adoption and third-party integrations align with risk appetites. You will navigate complex regulatory landscapes, ensuring strict compliance with BNM RMiT, PCI-DSS, and NIST frameworks while acting as a subject matter expert during audits. Ultimately, you will drive proactive risk management and cross-functional collaboration to safeguard the bank's reputation and customer trust against evolving cyber threats.

Responsibilities

  • Audit: Act as the primary lead for all internal and external IT security audits and regulatory reviews (including BNM, HKMA, and MAS), ensuring the bank demonstrates high maturity levels and audit readiness at all times. Drive the end-to-end audit lifecycle, including PCI-DSS and PwC engagements, by coordinating evidence collection, justifying control effectiveness, and tracking all findings to verified closure to minimize compliance risks.

  • Baseline: Establish and govern a comprehensive technology baseline by maintaining an accurate inventory of all IT Security hardware, software and data assets, including identifying the systems critical to the bank's operations (crown jewels).

  • Compliance: Act as the primary coordinator for regulatory reviews and oversee the annual review of security policies and SOPs to ensure continuous alignment with international best practices and BNM guidelines. Monitor network activities for compliance while compiling monthly and quarterly Cyber Key Risk Indicators (KRI) for regulatory submission.

  • Change: Ensure all IT Security changes, incidents and problems follow strict bank policies through mandatory checks and the right level of approvals, while acting as a high-level "safety gate" to verify that operations are justified, tested and compliant before deployment to minimize business risk.

  • Documentation: Ensure reports and forensic documentation related to cyber incidents, investigations, and the specific security measures taken for remediation meet governance requirements. Maintain meticulous audit trails for all governance activities to ensure the organization remains in a state of constant audit readiness.

  • Financials: Optimize IT Security financial governance by overseeing monthly spend analysis, budgeting and procurement activities for software, hardware and renewals.

  • Operations: Drive operational excellence by leading daily huddles and weekly cadences for the IT Security team to ensure task accountability and strict follow-through on outstanding issues. Establish a rigorous culture of performance, moving from passive monitoring to active enforcement of control testing, while ensuring all team deliverables meet the required quality and timelines.

  • Protection: Establish and enforce robust security measures to safeguard critical digital assets while staying current on the latest cyber threats and industry best practices. Collaborate with cross-functional teams to design security solutions that align with the organization's overall defensive strategy.

  • Procurement: Ensure procurement compliance and vendor governance by managing IT Security procurement activities in alignment with policy standards including software, hardware and vendor renewals while driving cost optimization through analysis of existing IT charges and identifying opportunities for savings.

  • Reporting: Automate and manage the submission of monthly and quarterly Cyber Key Risk Indicators (KRI) to Bank Negara Malaysia and other regional regulators with 100% accuracy.

  • Risk: Drive the Risk and Control Self-Assessment (RCSA) framework to systematically identify and mitigate operational risks across Group IT Security. Manage the Security Risk Register, ensuring all identified vulnerabilities and gaps are documented with clear ownership and a structured timeline for remediation.

  • SOP: Lead the review and modernization of all Security Policies and SOPs, ensuring they remain compliant with the latest BNM supplemental guidelines, international best practices and regional outsourcing requirements. From zero to governed as and where applicable.

  • Validation: Perform Security Posture Assessments to identify technical flaws and ensure that internal policies are effectively implemented across all systems. Strengthen IT risk posture and regulatory alignment through proactive gap analysis.

  • Vendor: Lead annual security due diligence and performance reviews for critical third-party vendors, ensuring

Skills and Experience We Are Looking For:


Bachelor's degree in Computer Science, Information Security, or a related field; equivalent practical experience will be considered.

  • Professional Background: 5-7 years of experience in IT Security, GRC, or IT Audit within the Financial Services Industry (FSI) or a leading consultancy firm.

  • Regulatory Expertise: Proven track record in managing regional regulatory engagements, with deep expertise in BNM RMiT and local compliance mandates.

  • Technical Knowledge: Strong understanding of information systems security, including banking infrastructure, products, and modern technology components.

  • Governance Mastery: Expertise in developing, implementing, and monitoring IT security policies, standards, and the Risk & Control Self-Assessment (RCSA) framework.

  • Audit & Assurance: Familiarity with cybersecurity audit methodologies and frameworks such as ISO27001, NIST, and COBIT.

  • Operational Leadership: Demonstrated experience leading team huddles and operational cadences to drive task accountability and performance.

  • Regulatory Reporting: Proficient in automating and creating Executive Dashboards for KRI reporting and regulatory submissions.

  • Audit Orchestration: Skilled in leading audit engagements, coordinating evidence collection, and conducting rigorous control testing to ensure constant audit readiness.

  • Strategic Influence: Ability to justify control effectiveness to auditors and influence stakeholders across IT and Business to prioritize security remediation.

For more job opportunities, please go to HLB Careers:

Job ID: 145102277