Head of Information Security I TNG

We fuel the ideas and ambitions of our people with an environment built on Our DNA of Love, Entrepreneurship, Agility, and Passion – LEAP

We are a culture that empowers everyone to innovate and create solutions that will leave a positive impact on our communities and our nation, Touch 'n Go will always be here to inspire our talents to grow as leaders and innovators giving you the power to make a difference.

What would you do?

The Head of Information Security is responsible for the technology risk management function of Touch 'N Go Sdn. Bhd. (TNGSB). Shall be independent from day-to-day technology operations, keep apprised of current and emerging technology risks which could potentially affect TNGSB risk profile and be appropriately certified. Must also oversee the protection of TNGSB' information data and safeguard the company's IT infrastructure, technologies and assets. Responsible for establishing, implementing and overseeing an effective information security management program to ensure the confidentiality, integrity and availability of TNGSB's information assets. Serves as a critical member of the management team, providing strategic input and advice, technical and governance for information security and cybersecurity initiatives.

Governance and Compliance

• Develop and enforce an enterprise-wide information Security Policy in line with BNM's policies (e.g. Risk Management in Technology, Cyber Resilience Framework, Outsourcing Guidelines, Data Governance).
• Ensure compliance with regulatory requirements, including the Risk Management in Technology (RMiT) policy document.
• Formulate appropriate policies for the effective implementation of TRMF and CRF.
• Enforce compliance with these policies, framework, and other technology related regulatory requirements.
• Monitor and report on the organisation's information security posture to senior management, the board and regulators.

Strategic Planning and Implementation

• Formulate and implement a comprehensive Information Security Strategy aligned with TNGSB's business objectives.
• Develop a robust cybersecurity framework to prevent, detect, and respond to treats and incidents.
• Oversee the design, implementation and monitoring of security controls for systems, networks and data.

Risk Management

• Conduct periodic Technology Risk Assessment (TRA) to identify and mitigate information security risks.
• Ensure effective management of third-party risks related to outsourcing and vendor partnerships, particularly for critical systems and data.
• Lead initiatives for identifying and addressing vulnerabilities and emerging threats.
• Oversees and responsible for the Data Governance Framework of the organisation.

Incident Management

• Establish and maintain an effective Cyber Incident Response Plan (CIRP) in compliance to BNM's guidelines.
• Ensure the timely detection, reporting and resolution of cybersecurity incidents.
• Conduct post-incident reviews to strengthen cybersecurity resilience.

Awareness and Training

• Promote a strong cybersecurity culture across all levels of the organization.
• Implement regular cybersecurity awareness programs for employees and stakeholders.

Collaboration and Reporting

• Act as the primary point of contact for regulators on information security matters.
• Collaborate with the Risk, Compliance and Technology teams to ensure integrated risk management.
• Provide regular updates and reports to the TNG Management Committee (TMC), Management Audit, Risk and Compliance Committee (MARCC), Board Audit, Risk and Compliance Committee (BARCC) and Board of Directors (BOD).

Who should join us?

• Candidate with a min. of 10 years of proven IT security experience in a combination of risk management, information security and preferably in financial services industry.
• Professional certification or qualifications in IT Information Security and Risk, such as CEH/CND/CCISO/CHFI/ ECSS/CTIA /CISSP/ISMS.
• Proven record of dealing with complex projects and meeting conflicting demands.
• Strategic thinker and implementor with excellent stakeholder management across divisions, customers, regulators and business partners.
• Collaborate with industry peers to align with best practices and address shared risks.
• Experienced with Cloud computing across virtualized environments.
• Ability to adapt to fast-moving IT landscape and keep pace with latest thinking and new security technologies.
• Excellent communication skills – providing verbal and written communication that is outstanding to both direct reports and senior management as well as other stakeholders.
• Flexible and adaptable – capable of changing direction where required and showing flexibility to meet new demands.
• Form business partnerships that help drive the IT security strategy forward.
• Able to make decisions that are well informed and timely.
• Multitasking – able to manage several concurrent projects and priorities demands.

Our Perks & Benefits:

• Hybrid and Flexi hours.
• e-Wallet meal allowance.
• Unlimited office pantry fruits, snacks and drinks.
• Mobile and broadband subscription reimbursement.
• Flexibility to opt dependents coverage (spouse, child, parents or parents-in-law) for outpatient medical benefits.
• Additional leave including family leave and paid care leave to care for family members.
• Medical coverage including dental, optometrist, mental care, maternity, registered Traditional Chinese Medicine ("TCM") and Chiropractic.
• Corporate membership discount and many more to explore.

We believe that you have what it takes to fit into the Touch 'n Go family and help revolutionize the Fintech industry by paving the way to a cashless society. If you're ready to take the next step, apply now

Touch 'n Go is an organization that strives to provide Equal Opportunity Employment, based on merit, qualifications, capabilities, and caliber. It is Touch 'n Go's policy to not discriminate based on age, race, religion, colour or other personal status, identity or characteristics. Fair Opportunity is Our Value and Practice. Please advise us of any accommodations you may need by e-mailing:

Note
: Only shortlisted candidates will be contacted.