Our client is one of the leading financial services organisations in Malaysia. With a heritage of more than 100 years, they provide comprehensive financial services covering consumer banking, business banking and trade finance, treasury, branch and transaction banking, wealth management, private banking and Islamic financial services.
Apart from banking, they are also involved in the provision of insurance and takaful, as well as investment banking, unit trust, fund management and stock broking services.
Job Purpose:
- Manage and lead a team of managers, technical and support staff of the IT Security Department in order to secure and control the systems, networks, applications and databases within The Banking Group of companies.
Responsibilities:
- Oversee Group IT Security Department for IT systems, networks, applications and databases
- Develop and implement IT Security Strategy plan for the Banking Group of companies
- Propose and seek approval for IT Security budget (Capex and Opex)
- Develop, maintain and implement IT Security Policy for the Banking Group of companies
- Strategize and reorganize IT Security Department in order to establish a proper process of “makers” and “checkers”.
- Recommend and implement new IT Security initiatives to secure corporate and customer sensitive information
- Facilitate IT Risk to ensure effective IT risk identification, mitigation and monitoring
- Participate in IT projects to provide advice on security and compliance requirements.
- Manage compliance reviews of IT functions to ensure the state of compliance with legal and regulatory requirements, internal policies and standards.
- Manage the network security review and penetration test exercise
- Ensure manuals are reviewed in a timely manner and all policies and procedures are kept in safe-keeping
- Ensure IT audit reports from internal and external auditors are responded to and IT audit issues are tracked and rectified within the agreed timeframe
- Ensure compliance with mandates set out by electronic partners (VISA, Mastercard, AMEX and MEPS)
- Evaluate and implement proper security tools (SIEM, IDMS, DLP, etc) in order to mitigate the weaknesses in manual security controls as well as to promote an effective and efficient administration
Oversees security technology areas like:
- Firewalls
- Internet surfing proxy servers
- Intrusion detection
- Advanced Persistent Threats
- Anti-DDoS solutions
- Internet Fraud Solutions
- Data Loss Protection solutions
- Dual control of ID and passwords
- Enterprise password vaults
- Escalation of user privileges
- ID management
- Single sign on
Managerial (team/group responsibilities)
- Manage & provide leadership to a team of managers, technical & support staff
- Decision maker at department level for all IT Security related matters
- Provide guidance to IT Staff & Business Users in complying with regulatory & audit requirements
Organizational (organizational responsibilities) including Strategic Cost Management and Financial Goals
- Recommend & implement security architecture for the Banking Group of companies
- Support group-wide IT Security requirements (Singapore, Vietnam, Hong Kong, Insurance & Investment Banking)
- Update security statuses to Senior Management at IT Security/Risk Meeting
Requirements:
- Education/Qualification - Degree/Higher Diploma in Computer Science/IT
- Experience/Requirements - More than 10 years of supervisory and managerial experience in IT Security Department
- Special Skills - Interpersonal Skill, Leadership Skill & Time and Resource Management Skill
Certification/Licensing Requirements:
- Certified CRISC (Certified Risk Information Systems Control) by ISACA
- Certified CHFI (Certified Hacking Forensic Investigator) by EC-Council
- Certified ECSA/LPT (Certified Security Analyst) by EC-Council
- Certified CEH (Certified Ethical Hacker) by EC-Council
- Certified CISSP (Certified Information Systems Security Professional) by (ISC)2
- Certified CISA (Certified Information Systems Auditor) by ISACA
- Certified CISM (Certified Information Security Manager) by ISACA