Director, Group Information Security

About FWD Group

FWD Group (1828.HK) is a pan-Asian life and health insurance business that serves approximately 34 million customers across 10 markets, including BRI Life in Indonesia. FWD's customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the main board of the Hong Kong Stock Exchange under the stock code 1828.

For more information, please visit

FWD Technology and Innovation Malaysia Sdn. Bhd., known as FWD TIM, was established in late 2019. Strategically located in Kuala Lumpur, FWD TIM serves as a pivotal shared service location within FWD Group, providing services to multiple markets across the Group. FWD TIM houses a diverse and talented workforce focused on essential business and technology services such as information security, cloud operations, IT solutions delivery, digital and data, actuarial, finance, investments, and customer service, among many others. FWD TIM is dedicated to drive and deliver operational excellence and efficiency, foster innovation and ensure regulatory compliance across all business functions as well as maintain a competitive edge in the market.

PURPOSE

• This role will be instrumental in shaping the strategic direction and execution of the Group's wide cyber defense, threat intelligence, and incident response capabilities across all markets. Reporting directly to the Group Head of GIS, this role ensures that FWD maintains a resilient, intelligence-driven cybersecurity posture aligned with regulatory requirements, industry best practices, and enterprise risk frameworks.

• Constantly establish and maintain an up-to-date, broad and comprehensive understanding of the evolving threat landscape, with the right strategy, tools, people, and culture in place; ensuring adherence to regulatory demands and protecting group-wide critical data assets and systems against vulnerabilities and failures to mitigate reputational and cybersecurity risks, demonstrating that it is safe and secure to do business with FWD.

• Serve in a senior leadership role with full management responsibility across diverse cyber defense functions—including Threat Intelligence, Threat Hunting, Security Operations, Incident Response, Digital Forensics, Vulnerability Management, Insider Risk Management, Data Protection —providing strategic direction and consultation to C-suite senior stakeholders across all FWD markets, with a critical impact on business continuity, operational resilience, and the Group's overall cybersecurity maturity.

KEY ACCOUNTABILITIES

Cyber Defense Strategy & Transformation

• Lead the strategic transformation of security operations into an intelligence-driven, threat-centric function.

• Develop and execute a multi-year cybersecurity roadmap aligned with business growth, cloud adoption, and regulatory evolution.

• Drive adoption of advanced technologies such as SOAR, XDR, and AI-powered threat analytics to enhance detection and response capabilities.

Continuous Monitoring & Threat Detection

• Implement and manage continuous monitoring systems to detect anomalies and emerging threats across hybrid environments.

• Leverage behavioral analytics and machine learning to identify suspicious activities and potential breaches.

• Ensure real-time visibility into security posture through optimized SIEM and telemetry integration.

Incident Detection, Response & Recovery

• Lead end-to-end security incident management, including detection, containment, eradication, and recovery, ensuring minimal business impact and swift restoration.

• Establish and maintain a centralized incident response framework with clear escalation paths, SLA alignment, and regulatory compliance across business units.

• Continuously enhance incident response playbooks using threat intelligence, root cause analysis, and lessons learned from post-incident reviews.

Digital Forensics & Investigation

• Lead forensic investigations to support incident analysis, legal proceedings, and internal reviews.

• Preserve evidence integrity and ensure chain-of-custody compliance during investigations.

• Collaborate with legal and compliance teams to support litigation and regulatory inquiries.

Threat Intelligence & Management

• Develop and operationalize threat intelligence programs to proactively identify and mitigate risks.

• Monitor global threat landscapes and disseminate actionable intelligence to relevant stakeholders.

• Collaborate with external partners and ISACs to enrich threat data and improve situational awareness.

Data Protection & Insider Risk Management

• Monitor and mitigate insider threats through behavioral analytics and access control mechanisms.

• Conduct regular audits to ensure data handling practices meet compliance and security standards.

Leadership & Stakeholder Collaboration

• Establish and lead proactive threat-hunting and intelligence programs to detect and neutralize advanced persistent threats (APTs).

• Oversee real-time incident response operations, including containment, forensic investigation, and post-incident remediation.

• Continuously refine incident response frameworks based on threat landscape evolution and lessons learned.

KEY PERFORMANCE INDICATORS

Threat Detection & Response Efficiency

• Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) for critical incidents.

• Percentage of incidents contained within defined SLA timelines.

• Reduction in false positives through improved detection tuning and automation.

Threat Intelligence & Hunting Maturity

• Number of validated threat intelligence reports disseminated to stakeholders.

• Frequency and effectiveness of threat-hunting exercises conducted across markets.

• Integration rate of external threat feeds and intelligence platforms into operations.

Incident Management & Forensics

• Percentage of incidents with completed forensic investigations and root cause analysis.

• Timeliness of incident reporting and escalation across all markets.

• Quality and completeness of post-incident reports and lessons learned documentation.

Vulnerability & Penetration Testing Coverage

• Percentage of critical assets covered by regular vulnerability scans and penetration tests.

• Time to remediate high-risk vulnerabilities across business units.

• Reduction in recurring vulnerabilities through improved remediation tracking.

Security Operations & Monitoring

• Uptime and performance of SIEM, SOAR, and XDR platforms.

• Coverage of continuous monitoring across cloud, on-prem, and third-party environments.

• Number of anomalies detected and investigated per reporting cycle.

Data Protection & Insider Risk Metrics

• Number of insider risk alerts investigated and resolved.

• Coverage of data loss prevention (DLP) controls across sensitive data flows.

• Reduction in unauthorized access incidents and data handling violations.

Global Event & Risk Readiness

• Number of global threat scenarios simulated and tested annually.

• Timeliness and effectiveness of response to geopolitical or global cyber events.

• Engagement level of local teams in global cyber drills and tabletop exercises.

Stakeholder Engagement & Satisfaction

• Feedback score from internal stakeholders on Cyber Fusion Centre support and responsiveness.

• Number of cross-functional engagements and collaborative threat response initiatives.

• Quality of executive reporting and decision-making support provided.

Cyber Fusion Centre Maturity & Transformation

• Achievement of maturity milestones aligned with frameworks (e.g., MITRE ATT&CK, NIST CSF).

• Successful integration of Cyber Fusion capabilities into digital and cloud transformation programs.

• Increase in automation and orchestration coverage across incident response workflows.

• Implementation of secure-by-design principles in threat detection and response architecture.

EXTERNAL & INTERNAL CONTACTS

• Group CISO

• Group CTOO

• Group CRO and 2LOD

• Market CTOs, CTOOs and CROs

• Market BISOs

• Group and Business Units Internal Audit

• External Auditors

• Vendors and/or Service Providers

• Group Head of Infrastructure & Cloud

• Group Head of Application

• Head of Enterprise Architecture

• Group Head of Shared Services – TIM, VTC, CTC

• Head of Application Delivery

• Head of IT Strategy

QUALIFICATIONS / EXPERIENCE

• Master or Degree from Information Technology, Engineering or equivalent discipline.

• More than 15 years' experience in Information Technology, Information Security Engineering and/or Identity

• Demonstrated experience in leading multiple stakeholders focusing on critical problem resolution in pressured situations.

• Experience supporting cyber security incident management in a large corporation.

• Demonstrated people leadership and stakeholder management skills in a multi-cultural environment.

• Strong communication and presentation skills with ability to influence and negotiate with senior stakeholders across different markets and cultures to achieve desired outcome for the benefits of the organization.

• CISSP, CISM, CISA, CRISC or ISO27001 Certifications required.

KNOWLEDGE & TECHNICAL SKILLS

• Broad and comprehensive understanding of Financial Services industry (insurance in particular).

• Strong knowledge on Security Strategy, Architecture, Threat Analysis & Defence, Threat Intelligence & Detection, Cyber Forensics, Cyber Risk Management and Emerging Technology Synthesis.

•  Prior experience in crowd strike, Splunk or equivalent SIEM/ EDR/XDR technologies and associated service providers.

• Strong verbal and written communication skills, including the ability to provide technical thought leadership on security incident investigation calls with other technology teams, and the ability to translate and simplify complex technical concepts for consumption by non-technical audiences.

• Demonstrated experience working globally and building multi-national teams is key, as well as the ability to lead through both organizational structures and positive influence.

• Comprehensive and relevant KRIs and metrics for Technology Assurance and Information Security Teams.

COMPETENCIES:

• Leadership and coaching skills

• Senior Stakeholder Management skills

• Strategic Planning

• Change Management

• Business and Financial Acumen

• Strong and Effective Communication, Influencing and Negotiation skill

• Advisory and Consultative skills

• Global Mindset and Transdisciplinary Thinking

• Conflict management

• Negotiation Skills

• Strategic Problem Solving and Decision Making