Head of Cybersecurity

About the Team:

Are you eager to elevate your career to new heights? Join us for an exhilarating opportunity to pioneer our groundbreaking digital bank project, where boundless possibilities await!

We're thrilled to extend an invitation for you to join our vibrant team of visionaries, innovators, and trailblazers.

The Head of Cyber Security (Digital Bank) is a key member of our Technology leadership team responsible to ensure that the bank’s cyber security controls are effective and complies to regulatory requirements, policies, standards and processes from a technology first line standpoint. 

Your next thrilling adventure awaits with our digital bank project. Join us in shaping the future, today!

About the Role:

• Lead, design and implement cybersecurity controls, framework, strategies, risk assessment and governance, based on policies and best practices to achieve a cohesive and complete cyber resilience and compliance across the bank 

What You'll Do:

• Develop and maintain the cyber security dashboard for the bank via formulation of processes and gathering data from relevant sources to provide reporting on metrics and KCIs on cybersecurity to senior management, Board and regulators
• Analyse cyber security trends for problems and follow up on the workaround and permanent solutions to ensure all indicators are above thresholds 
• Identify each and every relevant cyber security threat and risks (e.g. malware, ransomware), perform risk evaluation, assess the inherent risks and implement agreed mitigation controls 
• Provide oversight on IT security review and decisions in Change approval committees, firewall rules changes, network design and application design for new implementation or changes to network infrastructure and applications of the bank 
• Consolidate and perform analysis of the threat and vulnerability assessment, linking them where possible, and summarized with action plan for submission to internal auditors, external auditors, regulators, technology and cyber risk team and Enterprise Risk team 
• Perform regular IT application controls testing of the cyber security tools deployed by the bank, with the results to be fed into the cyber security dashboard 
• Perform analysis on the vulnerability management reports for presentation to management and related parties 
• Oversee the tracking and ensure remediation of patches and fixes for open vulnerabilities within the agreed service level 
• Manage external penetration test schedules, progress, timeline and logistics; and work with related counterparts to ensure remediations for the penetration test findings are deployed in a timely manner
• Work closely with the regional security team to align security hardening baselines for different technologies deployed in the bank. This includes documenting any deviation process that has been agreed with business unit
• Plan, design and lead the cyber drill exercise which needs to be done minimally once a year
• Develop and implement programmes to promote awareness on good practices in cyber security
• Engage and manage relationships with local regulators and auditors in audits, inspection or matters concerning IT security

What We're Seeking:

• Bachelor's degree or higher in Cyber Security, Information Security, Computer Sciences, Information Systems/Technology, or related field, or equivalent work experience 
• Minimum 10 years of hands-on experience in Cyber Security, Cyber Risk/Compliance and operated in a similar role, preferably in the banking/insurance industry 
• Solid understanding of the latest Information Security principles, techniques, protocols and other industry IT governance standard best practices (e.g. ISO27001, NIST, ITIL, PCI-DSS) 
• Preferably with one or more of the related certification in the areas of Cyber Security/Information Security – CISSP, CISA, CEH, SSCP, OSCP, Comptia Security+, GSEC, or equivalent 
• Knowledge of banking products and services and their supporting technology systems/platforms, with familiarity of front to back-office processes desired 
• Well-versed and solid have work experience related to BNM regulatory frameworks including policy documents on Risk Management in Technology, Outsourcing, Business Continuity Management, Management of Customer Information and Permitted Disclosures amongst others 
• Strong knowledge of cyber security protection framework and familiar with the cyber security pillars of Identify, Protect, Detect, Respond and Recover
• Expertise and experience in securing operating systems and network infrastructure 
• Expertise in securing fundamental networking protocols: DNS, HTTP, TCP, UDP, TLS, IPSEC, 802.1x, NFS
• Good understanding of encryption fundamentals (symmetric/asymmetric, ECB/CBC operations, AES, etc) 
• Good understanding of risk modeling concepts and frameworks
• Good understanding of common exploitation techniques and mitigations 
• Disciplined in developing and enforcing policies, standards and procedures
• Driven self-starter who is delivery focused and possesses effective leadership, interpersonal skills, team player, have strategic thinking and encompassing the ability to build strategic collaborations
• Excellent oral and written communication skills

What We Value:

• Open-mindedness and constructive communication, fostering an environment of mutual support and growth.
• Responsibility and ownership, with a strong sense of accountability.
• Commitment to teamwork and achieving shared goals.
• Customer focus and dedication to delivering results.
• A proactive approach to leading change and innovation.

• Allowance (travel stipends, transportation, etc.)
• Nearby public transport
• Central location
• Smart casual dress code
• Free snacks / Happy hours
• Open culture