CIMB Group is the leading ASEAN Universal Bank and home for all your personal and business financial needs.
Responsibilities:
To formulate IT Security and Cyber Security objectives, prepare blueprint, project plans and schedules.
Leading the strategic direction and management of all aspects of cybersecurity for the organisation.
To guide the design and continuous improvement of the IT Security architecture and cybersecurity maturity model that balances business needs with security risks.
Ensuring that security operations handling the cybersecurity defences remain current and relevant.
To ensure that IT systems and applications within our organization meet the needs of the business while adhering to security best-practices, compliance and regulatory requirements.
To advise the management on all security matters and set directions for complying with regulatory inquiries, inspections and audits.
Communicating digital programmes and cybersecurity strategy to a range of stakeholders and providing sound security advice.
Actively involved in projects or issues of high complexity that require in-depth expert level knowledge across multiple technical areas and business segments (internal and external), demonstrating strong cyber resilience skills and sound judgement.
To advise the project team in clarifying the organization’s IT Security standards and to review the functional specifications and technical specifications of the project to ensure adequate security controls are in place throughout all systems and platforms to mitigate identified security risks sufficiently.
Establish security architecture to align to Group Cyber Resilience.
Drive security strategies and implement IT solutions to minimise the risk of cyber-attacks.
Conducting a continuous assessment of current IT security practices and systems and identifying areas for improvement.
Displaying sound judgement and decisiveness in ensuring that corporate information is well protected and secured.
Implementing cybersecurity assurance and operational support for business units.
To raise cybersecurity awareness across the organisation.
Managing the IT security budget and communicating this with appropriate parties.
Overseeing the management of the IT security department, giving leadership to the team and developing staff.
To lead a team of Security Trained Professionals to perform their duties as stipulated in their Job Description.
To establish and maintain the IT Security and Cybersecurity requirement standards.
To conduct pre-production security assessments to evaluate the effectiveness of security controls.
Minimize the number of security incidents.
Maximize cybersecurity resilience.
Requirements:
A Bachelor's degree in computer science is a minimum. A Master's degree in business administration is highly desirable.
Security industry certifications such as CISSP, CISM, SANS, GSEC are preferred.
Other industry certifications such as PMP, ITIL, Microsoft, CISCO are preferred, but not required.
Minimum 8-12 years’ experience working in a large-scale IT environment on information security and risk, including five (5) years of managing security operations and teams.
Currently holds a leadership position or has served in a similar capacity. Has experience in leading a team in the design and assessment of IT security solutions, preferably in a financial services environment.
A proven record of dealing with complex projects and meeting conflicting demands.
Ability to adapt to a fast-moving cybersecurity landscape and keep pace with the latest thinking and new security technologies.
Thrives on change, showing an impressive ability to drive the IT security strategy forward.
Forms business partnerships that help drive the IT security strategy forward.
Can make decisions that are well informed and timely.