Vice President - Information Security and Technology Risk Compliance, APME

Job Description

• 
  Understand and able to analyze laws and regulations with respect to cybersecurity, information security and technology risk in APME
• Ensure information is protected across the Bank and that effective information security and technology risk programs, strategies, practices, processes and systems are in place and functioning as required
• Work with the IT Security team and other internal teams to drive initiatives to strengthen the Bank’s cyber resilience (such as penetration testing)
• Perform security risk assessment for new IT projects and technologies
• Independently verify the functional and technical controls with respect to information security and technology risks across the Bank
• Deliver security awareness training and other awareness activities to the Bank’s employees
• Ensure the implementation and continuous adaptation of the technology risk management framework
• Ensure compliance of the technology risk management framework in APME
• Prepare management information reporting in accordance to Key Performance Indicators and Key Risk Indicators
• Actively participate in global and regional initiatives to ensure technology risk management policies and practices are adhered to
• Liaison withother functions viavarious meetings, working groups and Committees
• Review Security Information and Event Management (SIEM) alerts to detect security breaches and conduct investigations if required
• Monitor industry cyber threat feeds and news and document appropriate analysis
• Assist in responses to regulators' requests

Qualifications and Education Requirements

• Bachelor degree holder in Computer Science, Information Systems or relevant discipline
• CISSP, CISA, CISM or SANS GIAC qualification preferred
• Minimum 8-10 years of experience in handling information security or technology risk or IT security projects within multinational companies

Skills and Competencies

• Strong understanding of security risk assessment methodologies for different technologies
• Good understanding of the information security, cyber security and technology risk regulations in APME
• Good understanding of the tools and techniques used by ethical hackers
• Good understanding of commonly used security tools and concepts including Firewall, Intrusion Detection, APT, Data Loss Prevention, Cloud Computing and Quantum Computing
• Good project management skill
• Keen to develop or enhance existing information security, cyber security and technology risk skills
• Knowledge of ISO 27001, NIST Cybersecurity Maturity Framework and other security compliance standards
• Strong analytical skill with the ability to present complex data in a clear and concise manner
• Strong presentation skill with the ability to explain complicated technical security issues to different stakeholders
• Excellent communication skills (in English, verbally and in writing) and interpersonal skills
• Prior experience in financial institute in Middle East is preferred

Required Skills/Qualifications/Experience

The Information Security and Technology Risk Compliance Officer is responsible for supporting and monitoring the Bank’s vision, strategy and program to ensure information assets and technologies are adequately protected and in compliance with regulatory standards across Asia Pacific and Middle East (APME).

The role will help with identifying, developing, implementing and maintaining policies, procedures and processes across the Bank to reduce information security and technology risks and ensure adherence to laws and regulations in APME. In addition, the role will assist in strengthening the cyber resilience of the Bank by establishing appropriate standards and controls, managing security technologies, and supporting the establishment and implementation of relevant policies and procedures in order to ensure adherence to laws and regulations in APME.

The position has regional coverage across APME and will directly report to the APME Head of Security.