Head of Information Security

The Head of Information Security in the Boost DigiBank is responsible for ensuring the security of the bank's information systems and data, and for managing the bank's overall information security st rategy. The Head of Information Security is typically a high -level executive who reports directly to the Bank's CEO or Board of Directors.

Responsibilities:

1. Formulate and facilitate the implementation of Technology Risk Management Framework (TRMF) and Cyber Resilience Framework (CRF) which are to be aligned to Enterprise Risk Management Framework;

2. Work closely with all relevant business divisions, IT and other support functions to put in place appropriate policies & procedures in place to support & complement TRMF and CRF as well as to ensure compliance with BNM guidelines on information technology (IT) risks;

3. Assess adequacy of IT security & cybersecurity stra tegy including the employment of effective tools to monitor and enable timely detection of anomalous activities;

4. Responsible for developing and implementing IT Security Assessment (Application, infrastructure, network architecture) and risk management frameworks, policies and including site reviews of branch offices, data centres and vendors

5. Assess whether enterprise information security architecture and roadmaps are able to support both business and information security objectives and monitor/report on the status of implementation.

6. Develop appropriate technology risk appetite (tolerance levels) and suitable Key Risk Indicators (KRIs) to effectively monitor technology & cyber risks;

7. Review & monitor results of penetration testing/vulnerability assessments/IT audits and monitor/report on status of corrective actions taken;

8. Work closely with System, Network and Application teams for closure of non - compliance issues, which could be identified through periodic IT Security -related reviews / audits and controls

9. Advise and validate the operational IT Security requirements for any technology projects;

10. Assess the reasonableness/practicality of expenditures and capital investments pertaining to the implementation of new technologies;

11. Develop and/or review adequacy of Cy ber Incident Response Plan (CIRP), processes, reporting templates and rules to formalise response to incidents involving cyberattacks or disaster;

12. Coordinate with relevant stakeholders on forensic investigations, cybercrimes, and/or cyberattacks and incide nt response;

13. Coordinate threat management and recovery against cyber threats (e.g., malware, phishing, hacking);

14. Ensure timely reporting IT Security related incidents (cyberattacks, etc.) to senior management, the Board and regulators and participate and c ontribute from a risk assessment perspective as and when required; Head of Information Security (Digital Bank)

15. Attending to the Board -level Committee to provide independent views to the board and senior management on technology risks at the enterprise level.

Overall, the CISO plays a critical role in ensuring that the bank's information assets are protected from unauthorized access, theft, or damage, and that the bank's customers can trust the security of their financial transactions and personal information.

The Must Have:

• Degree in Information Technology (IT), Computer Science or other related discipline with relevant experience in managing cyber risk in financial market infrastructures, critical national infrastructure, military, security intelligence or equivalent.

• 8+ years of full -time work experience in information security management and/or related functions (such as IT audit and IT Risk Management);

• Professional certification such as CISM, CISA, CSXP, CISSP, CREST, GPEN or equivalent is highly desirable.

• Good understanding of the regulatory frameworks and compliance requirements associated with financial services and thorough understanding of end -to-end IT operations and how IT interfaces with business, risk management and compliance processes and IT Security.

• Must possess excellent interpersonal skills and able to communicate and manage relationship at all levels including senior management, business users, participants, vendors and team members.

• Ability to communicate security risks in business terms to all levels of the organization.

• Knowledge of security metrics and Key Security Risk indicators