
JOB TITLE: SENIOR EXECUTIVE (CISO'S OFFICE)
1. Role Purpose
The Senior Executive supports the Chief Information Security Officer (CISO) function in providing independent oversight of cybersecurity and technology risk management across the Bank. The role focuses on monitoring risk posture, supporting governance activities, and ensuring compliance with regulatory requirements (e.g. BNM RMiT, PDPA), while coordinating with first and second line stakeholders.
2. Key Responsibilities
a) Cybersecurity & Technology Risk Oversight
- Support the implementation and monitoring of the Bank's Cybersecurity and Technology Risk Management Framework.
- Assist in identifying, assessing, and tracking cybersecurity and technology risks, including emerging threats.
- Perform independent review and challenge of controls implemented by IT and business units.
b) Risk Assessment & Advisory
- Support risk assessments for new initiatives, products, and system changes (e.g. DPIA, system risk assessment).
- Identify gaps, control weaknesses, and recommend practical mitigation measures.
- Provide advice to business and IT teams on cybersecurity and data protection requirements.
c) Governance, Reporting & Compliance
- Prepare content for cyber risk reports.
- Track regulatory requirements (e.g. BNM RMiT, PDPA) and ensure alignment across policies and practices.
- Maintain issue logs and follow up on remediation status.
d) Incident & Threat Monitoring Support
- Support oversight of cybersecurity incidents, including tracking, reporting, and lessons learned.
- Assist in reviewing incident reports and ensuring proper escalation and closure.
- Monitor threat landscape and provide updates on emerging risks and vulnerabilities.
e) Third Party & Technology Risk
- Assist in assessing technology and cyber risks relating to third-party service providers.
- Support due diligence reviews and ongoing monitoring of vendor risk posture.
f) Policy & Framework Development
- Support development, review, and enhancement of cybersecurity policies, standards, and procedures.
- Ensure documentation aligns with regulatory expectations and industry best practices.
g) Stakeholder Coordination
- Liaise with IT, Risk Management, Compliance, and business units to ensure effective risk management.
- Support coordination during audits, regulatory reviews, and internal assessments.
4. Job Requirements
a) Education & Professional Qualifications
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
- Professional certifications are an added advantage (e.g. CISSP, CISM, CRISC, CISA).
b) Experience
- 5–7 years of experience in cybersecurity, IT risk, technology risk, or related roles.
- Experience in financial services / banking environment is preferred.
- Exposure to BNM RMiT, PDPA, or similar regulatory frameworks is an advantage.
c) Technical & Functional Skills
- Understanding of cybersecurity domains (e.g. network security, application security, IAM, data protection).
- Knowledge of risk management concepts and control frameworks.
- Hands-on experience in incident management, vulnerability management, and security monitoring.
f) Soft Skills
- Strong analytical and problem-solving skills.
- Good communication and stakeholder management capability.
- Ability to work independently while supporting team objectives.
Job ID: 146999443