Job Description

:Job Purpose:This role will focus to protect the bank\'s IT assets and IT Data, adhering to security best practices, compliance and regulatory requirements.Responsibilities:

• Responsible for ensuring IT systems and applications within our organization meet the needs of the business while adhering to security best-practices, compliance and regulatory requirements.
• Collaborate with teams within and outside of Information Security to assess, monitor, and reduce security risk within the organisation.
• Manage project risks and issues, including risk identification, assessment, monitoring, remediation, and ensure escalation in project governance
• Experience in leading and implementing multiple security solutions and technologies across one or more IT Security domains (Cyber Program Management, Threat Intelligence, Identity & Access Management, Data Protection, Privacy). This experience should include responding to compliance and advisories from regulatory bodies.
• Ensure cybersecurity programs are structured and well-planned and budgeted
• Oversee CAPEX & OPEX budget for security services and projects and manage all reporting to Committees
• Work with IT Security Leads to manage changes in IT Security Roadmap and manage the change management for IT Security programs
• Manage IT Security incidents, mitigation planning, damage assessment and corrective measures.
• Review vulnerability assessment & penetration testing to assess the residual risks & mitigation plans.
• Responsible for ensuring identified cyber security issues are addressed in a timely manner.
• Raise cybersecurity knowledge and awareness within the organisation.

• Bachelor\'s degree in computer science or equivalent is a minimum.
• Minimum 10 years\' experience working in a highly-regulated IT Security/CII environment; Including 5 years of threat intelligence, incident response and VAPT experience
• Security industry certifications such as CISSP, CISA, CREST, CEH, SANS, GSEC, etc are preferred.
• Good knowledge and hands-on experience in native-cloud services on Cloud Security
• Good understanding of TCP/IP protocol and OSI Seven Layer Model.
• Strong knowledge of security best practices and concepts.
• Expert understanding of firewall technologies.
• Knowledge of VPN technologies.
• Ability to plan, organize and prioritize tasks to complete within established time frames.
• Strong analytical, technical, and communication (both oral and written) skills.
• Creative, independent with good problem solving skills.
• Ability to work effectively as a team

CIMB