Develop the Bank's information security policies and ensure compliance with those policies, applicable laws and statutory regulations.
Participate in the incident response team on cyber security incident handling, damage assessment and corrective measures. Review the incident reports submitted to regulators.
Conduct gap analysis between new regulations and the Bank's established policies, processes and guidelines to ensure compliance.
Perform independent reviews of cyber risks and identify areas for improvement, e.g. network architecture design, firewall/network device configurations, data loss prevention rules and vulnerability assessment/penetration test findings.
Conduct cyber risk awareness training.
Coordinate the internal and external audit projects.
Requirements
Bachelor's degree in IT, computing, Information Systems or any related domains.
5 to 10 years of experience in any of these disciplines: cyber security, technology risk management, audit and compliance in technology areas.
Sound knowledge of technology risk regulatory requirements (e.g. BNM Risk Management in Technology, data security requirements from PDPA, etc.) and industry standards such as CIS, NIST, ISO 27001/2.
Extensive experience in CSIRT, network security, IPS/IDS/firewall, DLP tools and risk assessment of vulnerability assessment & penetration test findings.
Possess strong oral and written communication skills and capable of engaging senior stakeholders.
Clear analytical thought process and good understanding of emerging technology developments and risk management frameworks.
Professional certification such as CISSP/CISM/CEH would be advantageous.