Cyber Risk Management - Digital Bank

Job Description:

• Develop Bank’s Information Security related policies and ensure the compliance with the policies, applicable laws and statutory regulations.
• Participate as incident response team on cyber security incident handling, damage assessment and corrective measures. Review the incident reports submitted to regulators.
• Conduct gap analysis of new regulations and Bank's established policies, processes, guidelines to ensure compliance.
• Perform independent review of cyber risks and identify areas for improvement, e.g. network architecture design, firewall/network devices configurations, data loss prevention rules and vulnerability assessment/penetration test findings.
• Conduct cyber risk awareness training.
• Coordinate the internal and external audit projects.

Requirements:

• Bachelor's degree in IT, computing, Information Systems or any related domains.
• 5 to 10 years of experience in any of these disciplines: Cyber security, technology risk management, audit and compliance in technology areas
• Sound knowledge in technology risk regulatory requirements (e.g. BNM Risk Management in Technology, data security requirements from PDPA, etc) and industry standards such as CIS, NIST, ISO 27001/2.
• Extensive experience on CSIRT, network security, IPS/IDS/firewall, DLP tools and risk assessment of vulnerability assessment & penetration test findings
• Possess strong oral and written communication skills and capable of engaging senior stakeholders.
• Clear analytical thought process and good understanding of emerging technologies developments and risk management frameworks.
• Professional certification such as CISSP/CISM/CEH would be advantageous.