Specialist, Information Application, Cybersecurity Risk

Are you passionate about safeguarding sensitive data and ensuring regulatory compliance? We are seeking a dynamic Senior Executive, Cybersecurity, to join our Data, Technology & Cyber Risk function in managing the cybersecurity posture across YTL Digital Bank.

Job Description:

The Senior Executive will assist the Chief Information Security Officer to establish and maintain robust governance and oversight over cybersecurity matters. In this role, you will play a pivotal role in shaping the way we handle, govern, and enhance our technological assets, and comply with applicable regulatory laws and regulations.

Primary Responsibilities:

• Conduct risk assessments on products, technology assets and recommend mitigation actions to address vulnerabilities, if any against internal policies, guidelines, data protection laws and regulatory requirements.
• Investigate and report on incidents of cybersecurity incidents or non-compliance, as required.
• Assist with the development, update and/or implementation of cybersecurity-related framework, policy, guideline and/or initiative(s) to facilitate effective risk management and governance.
• Advise Business Units and Functional Units to embed cybersecurity considerations and/or enhance control measures into the design and implementation of new and existing products, services and processes.
• Assist with the development and maintenance of incident response procedures to address cybersecurity incidents, including notification to internal stakeholders and relevant authorities, as required.
• Provide oversight and coordinate with the Cybersecurity and Technology teams such as vulnerability management, access controls and cloud security posture.
• Provide advisory, guidance and challenge to Business Units and Functional Units in their management of cybersecurity risks to achieve their business objectives and within the organization's risk appetite.
• Work with stakeholders to ensure that the organization has and maintains appropriate cybersecurity and technology documentation.
• Work with stakeholders to ensure awareness of best practices relating to cybersecurity and data security, fostering data risk awareness and security-conscious culture in alignment with cybersecurity strategy, technology roadmap and risk appetite.
• Assist in preparing reports for Senior Management and relevant committees, highlighting key findings, recommendations, trends and/or non-compliance with applicable regulations.
• Assist in responses to enquiries and audits (i.e. internal, external, regulatory and relevant authorities) pertaining to cybersecurity and data protection.
• Provide regulatory compliance support, guidance and advice to Business Units and Functional Units regarding regulatory changes and updates, where relevant and required.
• Stay abreast of emerging technology trends, cybersecurity and data protection laws, and regulatory developments to proactively address potential risks, and assist in communicating potential concerns or risks that might impact the organization.

Qualifications:

• Bachelor's degree in Cybersecurity, Management Information Systems or a related field.
• Minimum of 3 years' experience in any of these disciplines: data protection, information security, risk management or compliance in related areas.
• Professional certification such as CISSP, CISM, CRISC, CCSP, CCZT or CCSK would be advantageous.
• Sound knowledge in regulatory requirements around technology risk (e.g. BNM's Risk Management in Technology, Guidelines on Data Management and MIS Framework) and data protection laws (e.g. PDPA).
• Good knowledge of standards, frameworks and best practices of cybersecurity, third party and IT risk management.
• Knowledge of cloud computing and emerging technologies such as artificial intelligence and machine learning (AI/ML) would be desirable.
• Knowledge of DevSecOps practices and data management practices would be desirable.
• Possess strong verbal and written communication skills, and capable of engaging senior stakeholders.
• Clear analytical thought process and good understanding of emerging technological developments and risk management frameworks.
• Ability to work as team-player and manage multiple projects.
• Detail-oriented with a strong sense of ethics and integrity.

Benefits:

• Be part of a fast-growing digital bank that values innovation and people-first culture.
• Gain exposure to diverse hiring projects and talent strategies.
• Opportunity to collaborate with dynamic leaders and cross-functional teams.
• Enjoy a competitive compensation package and career development opportunities.

What We Value:

• Revolutionary
  in our thinking
• Innovative
  in our products, services, and the way we work
• Genuine
  in our intentions
• Honourable
  in our actions
• Tenacious
  in overcoming challenges