    Head of Information Security - Malaysia, Kuala Lumpur - GatedTalent - Connecting Top Executive Search Firms And Executives

    Full time
    Job Description

    • As part of the RMiT requirement, be responsible for ensuring that BigPay's information assets and technologies are adequately protected, which includes:
      • formulating appropriate policies for the effective implementation of a robust technology risk management framework (TRMF) and cyber resilience framework (CRF);
      • enforcing compliance with these policies, frameworks and other technology-related regulatory requirements; and
      • advising senior management on technology risk and security matters, including developments in the financial institution's technology security risk profile in relation to its business and operations.
      • Be independent from day-to-day technology operations; keep apprised of current and emerging technology risks which could potentially affect the financial institution's risk profile; and be appropriately certified (the certification can be country-specific).
    • Design an information security strategy that effectively protects BigPay's information assets, including security standards
    • In concert with our Group CISO, steer and ensure timely completion of all technology risk items, including coordinating with various teams to gather information and providing inputs for regulatory and audit compliance across the group.
    • Implement and enforce information security strategy with documented processes and protocols, including appropriate security controls across the organisation
    • Maintain proactive security measures on a periodic basis (including security reviews of new functionality and code changes, vulnerability scans, etc.), and effective and rapid incident response mechanisms
    • In concert with our Group Chief Legal and Compliance Officer and their team, ensure compliance with applicable regulations
    • Play a key role in business continuity planning and risk management
    • Be responsible for any regulatory reporting requirements around information security
    • Engage with stakeholders including management, investors, regulators, legal authorities and others and provide them with clear and concise perspectives on information security
    • Independently communicate the respective region's information security strategy, technology risk strategy, performance and issues to Boards' Risk and Audit Committees as necessary

    Key Responsibilities:

    • Security Architecture & Strategy:
      • Design and develop a holistic information security and data privacy program, scaling with company growth. Formulate best practices and set security standards, while preparing and documenting SOPs and protocols.
      • Spearhead security assessment processes, encompassing penetration testing, vulnerability management, and secure software development.
      • Expand security tooling and automation efforts across the organisation.
    • Threat Management, Mitigation and Regulatory Compliance:
      • Proactively spot security issues and threats, devising robust processes and systems to safeguard against them.
      • Steer compliance endeavours, including external audits, regulatory compliance initiatives, and overarching security evaluations.
      • Convey infosec and data privacy operational goals, relaying their impact to stakeholders.
    • Stakeholder & External Communication:
      • Engage with outside stakeholders, encompassing customers, partners, compliance bodies, and other legal/regulatory authorities.
      • Deliver strategic risk guidance, evaluating and suggesting technical standards and controls. Set in place a robust incident management process.
    • Design and execute an information security strategy that effectively protects BigPay's information assets.
    • Define and enforce information security standards across the organisation.
    • In concert with our compliance and legal team, ensure compliance with applicable regulations.
    • Select, implement and maintain appropriate technical security controls.
    • Maintain effective proactive security measures and effective and rapid incident response.
    • You will also be heavily involved in business continuity planning and risk management.

    To be successful

    • At least 7 years of proven information security management experience.
    • Bachelor's degree in Computer Science, Cybersecurity, or related fields.
    • Certifications like CISSP and/or CISA are preferred.
    • Expertise in compliance, especially in frameworks such as COBIT, ITIL, ISO27001/2, NIST, and SOC2.
    • Hands-on experience in security assessment, technology risk governance, cloud architecture, threat modelling, and policy drafting.
    • In-depth comprehension of Secure SDLC, DevSecOps, or security automation.
    • Ability to communicate effectively with external Data Privacy and Info Sec representatives.
    • Knowledge of MY legislation such as RMiT is mandatory. Additional knowledge of MAS and BOT regulations, HIPAA, SOX, PCI, and GDPR is preferred.
    • ISO27001 auditor or implementer experience can be an additional plus.
