About FWD Group
FWD Group (1828.HK) is a pan-Asian life and health insurance business that serves approximately 34 million customers across 10 markets, including BRI Life in Indonesia. FWD's customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the main board of the Hong Kong Stock Exchange under the stock code 1828.
For more information, please visit
FWD Technology and Innovation Malaysia Sdn. Bhd., known as FWD TIM, was established in late 2019. Strategically located in Kuala Lumpur, FWD TIM serves as a pivotal shared service location within FWD Group, providing services to multiple markets across the Group. FWD TIM houses a diverse and talented workforce focused on essential business and technology services such as information security, cloud operations, IT solutions delivery, digital and data, actuarial, finance, investments, and customer service, among many others. FWD TIM is dedicated to driving and delivering operational excellence and efficiency, fostering innovation and ensuring regulatory compliance across all business functions, as well as maintaining a competitive edge in the market.
PURPOSE
This role serves as a trusted security advisor to business unit leadership, bridging the gap between the One Information Security (OneIS) team and business unit operations, and ensuring alignment of security initiatives with both OneIS strategy and business unit goals.
Key responsibilities include risk identification and mitigation, translating complex security concepts into business-relevant language, promoting security awareness, and supporting audit and compliance efforts.
The role also involves monitoring and managing issues, leading risk assessments, advising on technology business risks, and ensuring adherence to internal policies and regulatory guidelines.
Additionally, the manager will assist with defining and reporting Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), manage technology and security threats, and support audits and regulatory reviews.
KEY ACCOUNTABILITIES
- Operational Liaison : Bridge the gap between the One Information Security (OneIS) team and business unit operations, ensuring that security policies, standards, and processes are clearly communicated and effectively adopted.
- Strategic Alignment : Collaborate with business stakeholders to ensure that security initiatives are aligned with both the OneIS strategy and the specific goals of the business unit.
- Risk Identification and Mitigation : Continuously assess and monitor risks unique to the business unit, including cybersecurity threats and compliance obligations. Support the development and execution of tailored mitigation strategies.
- Security Awareness and Communication : Translate complex security concepts into business-relevant language. Promote a culture of security through targeted awareness efforts and training programs.
- Audit and Compliance Support : Assist in preparing for and responding to audits and regulatory assessments. Ensure the business unit adheres to applicable laws, regulations, and internal security policies.
- Monitor and Action Issues : Track and manage issues and intake requests to ensure timely resolution.
- Risk Assessments : Lead or contribute to business technology risk assessments, control gap assessments, and develop risk mitigation and remediation plans.
- Advisory Role : Advise partners on Technology Business Risks and Information Security regulations, policies, standards, and incidents.
- Risk Monitoring : Assess and monitor Business Technology Risk, including information security, cyber security, resilience, third-party management, project / operations / change management quality, architecture, data quality, and IT compliance.
- KRI and KPI Reporting : Assist with the definition, monitoring, and reporting of Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
- Policy Adherence : Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
- Threat Management : Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats to FWD.
- Risk Reporting : Communicate identified and ongoing technology risks in a timely manner, monitor key trends and ensure BU key stakeholders are up to date.
- Audit Support : Provide support and consulting for audits and regulatory reviews; help compose management responses and appropriate remediation activities.
- Align security reviews to FWD One Information Security and overall IT Strategy needs
KEY PERFORMANCE INDICATORS
- Risk Reduction rate : Percentage decrease in identified security risks over time.
- Ensuring compliance to One Information Security standards.
- Conduct reviews and advise business on mitigation steps.
- The timely remediation of key risks identified without undue delay to the delivery of business objectives.
- Supporting in uplifting Vulnerability management program.
- Identify opportunities to automate security initiatives.
EXTERNAL & INTERNAL CONTACTS
- Group CISO
- Office of the CISO
- Business Units IT Security Teams
- Group and Business Units Chief of Technology and Operations
- Business Units IT & Operations
- Group and Business Units Internal Audit
- External Auditors
- Vendors and / or Service Providers
QUALIFICATIONS / EXPERIENCE
- University degree in Information Technology or equivalent discipline.
- Minimum 7 years working experience in IT Security Management role, preferably in Financial Services.
- Regional experience in IT Security Technical or Engineering roles.
- Technical experience in Identify, Protect, Detect, Response or Recover areas.
- Sufficient experience and Subject Matter Expert level of knowledge in fields of Information Security and solid understanding of project teams' needs, for instance secure architecture design, risk assessment and remediation, and general IT technologies.
- Sound consulting capability, including clear and concise written and verbal communications, the ability to manage senior stakeholders and work on high-profile projects with tight timelines, and the ability to always present logical thinking and problem-solving capabilities even under pressure.
KNOWLEDGE & TECHNICAL SKILLS
- Must hold ISO 27001 certification.
- Must possess any of the following certifications : CISSP | CISM | CISA
- Good to have : CEH | CompTIA
- Excellent interpersonal and influential skills.
- Good communication and presentation skills.
- Collaborative, consultative and customer service focussed approach to delivery.
- Problem solving and decision making skills, as the incumbent has to deal with a cross section of stakeholders.