Senior Principal Information Security Specialist

1. Drive the execution of organization’s cyber security/information security strategy via an appropriate management forum to achieve cyber security vision and target security capabilities.

2. Review and maintain the strategy to be consistent with overall business direction and in line with organization’s peers in related cyber security requirements across the industry

3. Establish and enforce directive controls, validate internal detective and preventive security controls.

4. Work together with relevant stakeholders to assess technology risk considering relevant controls.

5. Coordinate and maintain security governance implementation and certification i.e. PCI DSS and ISMS

6. Drive security culture and behaviour internally through continuous security awareness programs

7. Perform any other ad-hoc assignments that is instructed by the management of Risk & Compliance that may be given from time to time

1. Understanding of cyber security covering both internal and external payments eco-system.

2. Experience related to information security strategy planning, security architecture design and review.

3. Effective communication, collaboration and presentation skills. Ability to explain complex concepts in plain language and graphics. 

1. Coordinate and plan work packages for security governance, risk, compliance and project execution for team members within the department.

2. Provide expert input into the collective information security strategy to ensure that future security investments are aligned appropriately when considering key priorities such as business requirements, industry threat landscape, and risk appetite.

3. Maintain regular engagement and proactive partnership with business and technology teams to ensure cyber/information security strategies align with business and technical needs, requirements, and constraints.

4. Define and maintain security capability catalogues and roadmap to support the information security strategy agenda.

5. Analyse market and industry trends and adjust security strategy accordingly

6. Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy, so that organization is warned in advance and ready to be fully compliant with these requirements.

7. Designs, develops, delivers, or oversees the delivery of information security awareness programs (videos, memos, computer-based training, etc.) delivered to users, technical staff, management and relevant third party personnel.

8. Conceives and proposes new approaches that will allow greater standardization and more effective management of security measures including adoption of automated tools.

9. Participates in periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications.

10. Establish and fine-tune security governance, risk and compliance metrics, then on develop routine reports in accordance with the metrics.

11. Prepares and periodically updates draft information security policies, architectures, standards, and/or other technical requirement documents needed to advance information security at the organization.

12. Perform or support any tasks related to the function of the Department as assigned by Director of Risk and Compliance or CISO which may arise from time to time

TECHNICAL COMPETENCIES 

• Practical understanding on industry frameworks for cyber / information security such as National Institute of Standards and Technology (NIST) Cyber Security Framework, COBIT, Information Security Management System (ISMS), Payment Card Industry Data Security Standard (PCI DSS) and Bank Negara Malaysia’s Risk Management in Information Technology (RMiT);

• Thorough understanding of end-to-end IT operations and how IT interfaces with business, risk management and compliance processes and IT Security 

• Demonstrate understanding of defense in depth concepts and supporting security technologies, including but not limited to: endpoint protection, network access control, remote access VPN, file integrity monitoring, firewalls, IDS/IPS, SIEM, application security controls, identity management / federated identity services and public key infrastructure. 

• Prior experience developing and implementing security solutions. 

• Demonstrate knowledge of threat actor Tactics, Technique, and Procedures (TTPs) as well as corresponding mitigation/disruption techniques. 

• Prior experience securing public cloud environments (AWS, Azure) 

• Demonstrate expertise with addressing zero-day threats, intrusions, malware infection and experience with packet analysis.

1. Degree in Information Technology (IT), Computer Science or other related discipline with relevant experience in managing cyber risk in financial market infrastructures, critical national infrastructure, military, security intelligence or equivalent

2. Cyber security expert with 5 to 7 years or more hands-on experience

3. Professional certification such as CISM, CISA, CISSP or equivalent

ADDITIONAL REQUIREMENTS 

• Excellent interpersonal, facilitation, and leadership skills along with effective communication (both written and verbal) skills. 

• Strong history of external engagement with industry peers, working groups, and cybersecurity communities globally