Information Security Lead

Information Security Lead is responsible to establish, manage and review the technology compliance and its control mechanisms. Contribute to regulatory compliance, technology compliance implementation and technology compliance advisory as part of product or business growth.

• Enhance and implement the approved cyber security strategy aligned with the bank's overall business objectives and regulatory requirements.
• Develop and implement an effective incident response plan to manage and mitigate security breaches.
• Manage, Review and enhancement of SOC services.
• Evaluate and recommend security technologies and solutions
• Act as the primary liaison between the security function and other teams within the organization, including the IT leadership team, risk management and compliance teams, and external partners
• Drive Technology and Cloud risk assessments, control identification and facilitate risk remediation.
• Actively participate and support all phases of the audit lifecycle if required.
• Lead Security testing planning and execution
• Track and manage information security compliance and technology risk related gaps and integrate into enterprise risk management reporting.
• Manage relationships with third-party vendors and ensure they adhere to the bank's security standards
• Management reporting on information security initiatives and risk management activities

• A bachelor’s degree in information systems or other related disciplines from an accredited institution is required.
• Certifications in security, risk management or relevant fields is a plus
• At least 5+ years of relevant experience in financial services technology compliance
• Proven track record in managing compliance and risk in a technology-driven environment, preferably within the banking or financial industry.
• Possess good background in financial services sector, financial transactional processes, technology systems, its regulatory requirements and internal controls (e.g. RMiT, e-money guidelines, outsourcing guidelines, FSA 2013, PDPA)
• Proficiency in risk assessment methodologies, compliance frameworks, and control implementation.
• Experience in working with a consulting firm is an added advantage
• Able to utilize both vertical and lateral thinking in providing perspectives on compliance matters to support risk management and company growth.
• Results-driven person who is highly committed and independent with minimum supervision required.
  Excellent verbal and written communication skills with the ability to address cybersecurity issues in both technical and non-technical terms.
  Good knowledge of technology compliance and technology risk management