Manager, Business Information Security

Our Client, a well-established multinational insurer in Malaysia, is seeking a person skilled and experienced in Information Security to join their dynamic team. The successful candidate will be responsible for Info Sec activities for the business lines in the organisation.

Key Responsibilities:

Carry out the role of Business Information Security Officer, over seeing information security matters for the organisation

• IT Security Leadership: Lead IT Security initiatives for the Business Unit, working with local and Group IT Security teams.
• Program Management: Develop and maintain the Business Unit's IT Security Program to enhance security continuously.
• Initiatives and Projects: Oversee the definition, implementation, and improvement of local IT Security projects, solutions, architecture, and operational frameworks.
• Group Coordination: Facilitate the rollout of Group IT Security initiatives in the local Business Unit.
• Risk and Metrics Management: Support the preparation of IT Security metrics, risk mapping, and address any identified deficiencies.
• Awareness and Support: Promote understanding of IT Security solutions and processes among Group IT, Business Unit IT, and relevant stakeholders.
• Collaboration and Reporting: Work with the Head of IT and Group CISO to track and report on the IT Security Program and risks, ensuring management is regularly updated.
• Risk Assessments: Provide advice and review IT application risk assessments and technology-related risk assessments, recommending corrective actions where necessary.
• Risk Register and Controls: Review the IT risk register and Key Control Self-Assessment conducted by business units.
• Reporting: Consolidate and facilitate the preparation of quarterly and monthly technology and risk reports for management committees and the Board.
• Governance Policies: Maintain and oversee the implementation of Technology Risk Governance policies, including Data Governance, Technology Risk Management, and Information Classification standards.
• Risk Management Support: Assist in the organization's risk management process, engaging in risk remediation, resolution, monitoring, and risk acceptance activities.

Qualifications and Skills:

• Bachelor's degree in Information Technology or a related field.
• At least 5 years or more in IT Security Management, ideally within the Financial Services sector.
  
• Proven experience in leading Business IT Security initiatives.
• Preferably certified in CISSP or CRISC.
• Strong understanding of IT Security domains.
• Experience working with multicultural, virtual, or distributed teams.
• General understanding of the insurance industry.