Head of Information Security

Boost Bank Federal Territory of Kuala Lumpur, Malaysia

Head of Information Security

Boost Bank Federal Territory of Kuala Lumpur, Malaysia

The Head of Information Security in the Boost DigiBank is responsible for ensuring the security of the bank's information systems and data, and for managing the bank's overall information security strategy. The Head of Information Security is typically a high‑level executive who reports directly to the Bank's CEO or Board of Directors.

Responsibilities :

• Formulate and facilitate the implementation of Technology Risk Management Framework (TRMF) and Cyber Resilience Framework (CRF) which are to be aligned to Enterprise Risk Management Framework.
• Work closely with all relevant business divisions, IT and other support functions to put in place appropriate policies & procedures in place to support & complement TRMF and CRF as well as to ensure compliance with BNM guidelines on information technology (IT) risks.
• Assess adequacy of IT security & cybersecurity strategy including the employment of effective tools to monitor and enable timely detection of anomalous activities.
• Responsible for developing and implementing IT Security Assessment (Application, infrastructure, network architecture) and risk management frameworks, policies and including site reviews of branch offices, data centres and vendors.
• Assess whether enterprise information security architecture and roadmaps are able to support both business and information security objectives and monitor / report on the status of implementation.
• Develop appropriate technology risk appetite (tolerance levels) and suitable Key Risk Indicators (KRIs) to effectively monitor technology & cyber risks.
• Review & monitor results of penetration testing / vulnerability assessments / IT audits and monitor / report on status of corrective actions taken.
• Work closely with System, Network and Application teams for closure of non‑compliance issues, which could be identified through periodic IT Security‑related reviews / audits and controls.
• Advise and validate the operational IT Security requirements for any technology projects.
• Assess the reasonableness / practicality of expenditures and capital investments pertaining to the implementation of new technologies.
• Develop and / or review adequacy of Cyber Incident Response Plan (CIRP), processes, reporting templates and rules to formalise response to incidents involving cyberattacks or disaster.
• Coordinate with relevant stakeholders on forensic investigations, cybercrimes, and / or cyberattacks and incident response.
• Coordinate threat management and recovery against cyber threats (e.g., malware, phishing, hacking).
• Ensure timely reporting IT Security related incidents (cyberattacks, etc.) to senior management, the Board and regulators and participate and contribute from a risk assessment perspective as and when required.
• Attending to the Board‑level Committee to provide independent views to the board and senior management on technology risks at the enterprise level.

Overall, the CISO plays a critical role in ensuring that the bank's information assets are protected from unauthorized access, theft, or damage, and that the bank's customers can trust the security of their financial transactions and personal information.

Qualifications :

Seniority level

Employment type

Job function

Industries

Federal Territory of Kuala Lumpur, Malaysia

#J-18808-Ljbffr