What you will do

📍Define, manage and update company's information security policies, standards, and processes in coordination with different business functions to protect infrastructure, business-critical data and customer information 📍Ensure policies are consistently applied across company and monitor adherence to the defined governance principles to ensure expected value is delivered 📍Serve as a SME on information security regulations and advise employees and management on information security requirement and recommendations 📍Plan and deliver security awareness trainings and other awareness activities to the company’s employees 📍Develop and enhance relationships with Business and Technology stakeholders to understand current challenges and establish a GRC framework to manage risk and compliance levels 📍Coordinate and execute IT / IS risk assessments and reviews, providing risk-based recommendation and track the implementation of risk mitigation to completion 📍Work with Tech team to develop and test IT business contingency and disaster recovery plans 📍Liaise directly with Compliance and various backend Technology teams on regulator inspection, regulatory reporting, external audit, security certificate programs, and internal audit projects to assure compliance with financial regulations 📍Coordinate and perform compliance activities and checks 📍Conduct and manage external security due diligence checks and 3rd security risk management program that covers onboarding to off boarding 📍Communicate and report to management, present security risks and recommendations in Risk 📍Management Committees (RMC) 📍Manage and track the company overall security program, projects and KPIs against the defined security roadmap and framework

Preferred qualifications:

📍BS/MS in Computer Science / Cybersecurity with 5 years and above relevant experience in cyber security or information technology risk management in the banking / financial industry 📍Proven experience in running security compliance programmes 📍Experience maintaining information security standards and regulations such as NIST CSF, PCI DSS, ISO27001, GDPR, Philippines BSP, MAS TRM and other regulations 📍Excellent relationship building and communication skills with the ability to engage people from diverse cultures and different levels 📍Strong stakeholder management skills, with regional experiences to leverage on regional knowledge and resources 📍Excellent planning and organizational skills with an ability to meet tight deadlines 📍Good knowledge of cloud computing, networking, OS and its security aspects 📍Proficient in English and Mandarin is a must to communicate with stakeholders from within the organisation 📍CISSP, CISA, CRISC certifications will be an added advantage