Security Assurance Lead

The Security Assurance Lead is responsible for developing and executing robust security strategies, policies, and procedures to ensure the protection of the digital bank's assets, data, and operations in compliance with Malaysia's regulatory framework. This role involves identifying and mitigating security risks, managing regulatory compliance, and driving a strong security culture within the organization.

The Security Assurance Lead's role in Boost Digital bank is vital for navigating the unique regulatory landscape, safeguarding sensitive data, and ensuring the secure and compliant operation of the digital banking platform.

Key Responsibilities:

Security Strategy and Planning:

1. Develop, implement, and maintain a comprehensive security strategy tailored to Malaysia's banking industry and regulatory requirements.
2. Collaborate with senior management to establish security objectives aligned with the digital bank's business goals.

Regulatory Compliance:

1. Stay current with local regulations and guidelines issued by Bank Negara Malaysia (BNM) and other relevant authorities pertaining to cybersecurity, data privacy, and financial industry security.
2. Ensure the digital bank's security practices and policies are aligned with BNM's requirements and industry best practices.

Risk Assessment and Management:

1. Conduct thorough risk assessments and vulnerability assessments specific to the Malaysian digital banking landscape.
2. Develop and execute risk management strategies to prioritize and mitigate security risks.

Security Policies and Procedures:

1. Create, implement, and enforce security policies, standards, and procedures that align with local regulations and international standards.
2. Ensure security policies address the unique challenges and risks faced by digital banks in Malaysia
   .

Security Audits and Assessments:

1. Coordinate and conduct regular security audits, assessments, and penetration testing to evaluate the effectiveness of security controls.
2. Collaborate with internal and external auditors to demonstrate compliance with regulatory requirements.

Incident Response and Management:

1. Develop and maintain a robust incident response plan specific to Malaysian regulatory requirements.
2. Lead incident response efforts in the event of security breaches or incidents, ensuring timely resolution and reporting as mandated by BNM.

Security Awareness and Training:

1. Design and deliver security awareness programs and training tailored to local cultural and regulatory considerations.
2. Promote a strong security culture among employees and stakeholders within the Malaysian digital bank
   .

Vendor and Third-Party Security:

1. Evaluate and manage the security practices of third-party vendors and partners, ensuring they meet local regulatory expectations.
2. Monitor and assess vendor security risks, considering Malaysia-specific factors
   .

Security Architecture and Design:

1. Collaborate closely with IT and development teams to embed security principles into the architecture and design of digital banking systems, ensuring compliance with local regulations.

Security Incident Reporting:

Prepare and present regular reports on security incidents, risks, and compliance efforts to senior management, BNM, and relevant committees
.

Job Requirements & Criteria:

• Bachelor's degree in Computer Science, Information Security, Cybersecurity, or a related field.
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or industry-specific certifications related to Malaysia's banking sector.
• Extensive experience in information security, with a focus on the financial industry in Malaysia.
• In-depth understanding of local cybersecurity regulations, guidelines, and standards, including those issued by Bank Negara Malaysia (BNM).
• Proficiency in security tools, technologies, and risk assessment methodologies relevant to the Malaysian digital banking landscape.
• Excellent communication skills, including the ability to communicate effectively with regulators and senior management.
• Strong leadership and collaboration abilities in cross-functional and multicultural environments.
• Analytical mindset with the ability to tailor security strategies to address Malaysia-specific risks and challenges.