AVP InfoSec

4 weeks ago


Malaysia OCBC Bank Full time

General Description:

  • As the Assistant VP of Information Security and Digital Risk Management (ISDRM), you will be responsible for the 2nd line governance and oversight of information security and digital risks (technology, information, and cyber) within OCBC Malaysia. The primary role is to support the CISO/Head of Information Security & Digital Risk Management by providing 2nd line defense roles for cyber, information security and digital risk management.

Key Responsibilities:

  • Drive or support risk governance and oversight activities, and provide effective challenge to strengthen the effectiveness of technology, information or cyber risk in the Group, such as risk mitigation programs.
  • Perform regular risk monitoring and management reporting on risk posture to management.
  • Support the formulation and regular update of related Framework and supporting Policies to incorporate applicable industry leading practices and regulatory expectations.
  • Support the review and enhancement of controls for existing banking services against emerging technology, information and cyber risks.
  • Provide risk advisory service, including recommendation of risk mitigation options, on technology, information and cyber risks associated with new banking services, fintech initiatives, outsourcing-related arrangements, regulatory and legal guidelines.
  • Support bank-wide initiatives to facilitate management of applicable legal & regulatory requirements (e.g., BNM RMiT, MCIPD, PDPA).
  • Collaborate with Business Users in the assessment of cyber and information security related risks prior to rolling out new products or services.
  • Support and uplift the bank-wide technology, information and cyber risk awareness and training program.
  • Plan, direct and schedule independent thematic reviews and assessments of the adequacy of controls implemented by IT, and recommend suitable countermeasures to address cyber, information security and digital risks where applicable, in line with the Bank’s risk appetite.
  • Facilitate collaboration efforts with the Group on the Social Engineering Testing Programme.
  • Keep abreast of new technologies and related risks, industry trends, and regulatory requirements relating to technology, information & cyber security.

Qualifications:

The ideal Candidate will meet the following requirements:

  • Degree in Computer Science or equivalent technical degree.
  • Relevant professional certifications (e.g., CISSP, CISA, CISM or CRISC) would be advantageous.
  • More than 5 years of relevant experience in technology, information or cyber risk management, information security or IT audit within the financial services industry.
  • Proficient in risk management, IT governance, IT audit, information & cyber security standards.
  • Experienced in leading risk assessments and risk reduction initiatives.
  • Good knowledge and experience in managing legal and regulatory requirements pertaining to technology, information or cyber risk domains (e.g., Malaysia, Singapore, Hong Kong, China).
  • Good written and communication skills, and solution-oriented.
  • Ability to interact with, engage and influence stakeholders across all levels.
  • Ability to contribute through others, collaborate well across seniority, cultures and locations.
  • Proactive and able to work well under pressure or tight deadlines.

Primary Location: Malaysia

Organization: MAL RiskMgt - Technology & Information Security Risk