Job Description

s: \xef\x83\xbc Lead Compliance, Certification & Audit activities pertaining to Information Security. \xef\x83\xbc Develop and implement a strategic, long-term information security strategy and roadmap to ensure that MobilityOne\xe2\x80\x99s information services and assets are adequately protected as per company\xe2\x80\x99s risk appetite. \xe2\x80\xa2 To determine and enact MobilityOne\xe2\x80\x99s Risk Tolerance Level while working with senior leaders across the business \xef\x83\xbc Identify, evaluate and report on information security risks, practices and projects to the C-Suite and the GRC Steering Committee, and provide expertise on security standards, regulations and best practices (e.g., SOC II, PCI, ISO 27001, NIST, CIS, Bank Negara Malaysia etc.). \xef\x83\xbc Develop, mentor, and manage a high performing staff of information security professionals. \xe2\x80\xa2 Chair the information security steering committee (subset of GRC Steering Committee) \xe2\x80\xa2 Develop the GRC Steering Committee and Board\xe2\x80\x99s understanding of security beyond a \xe2\x80\x98compliance-only\xe2\x80\x99 view. \xef\x83\xbc Ensure that the security management program is in compliance with applicable laws, regulations, and contractual requirements. \xef\x83\xbc Act as the champion for the enterprise information security program and foster a security-aware culture. \xef\x83\xbc Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive. \xef\x83\xbc Partner with enterprise architects, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and regulations. \xef\x83\xbc Build and oversee enterprise-wide strategic and tactical programs for: \xe2\x80\xa2 Incident and Breach Management (incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal/compliance matters) \xe2\x80\xa2 Identity and Access Management \xe2\x80\xa2 Enterprise Information Architecture Gap Analysis and Hardening \xe2\x80\xa2 Security Engineering, Operations and Assessments \xe2\x80\xa2 GRC (Policies & Procedures, Consolidation of regulatory/contractual requirements, internal & external audits, security best practices and guidelines) and oversee their approval, dissemination, and maintenance \xe2\x80\xa2 Secure System and Software Development Lifecycle \xe2\x80\xa2 Vulnerability and Patch Management \xe2\x80\xa2 Prepare Business Continuity and Disaster Recovery Plan \xe2\x80\xa2 Data Leak and Fraud Prevention \xef\x83\xbc Develop business metrics to measure the effectiveness of the security management program, and increase the maturity of the program over time. \xef\x83\xbc Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action to maintain acceptable cyber risk posture. \xef\x83\xbc Liaise with the law enforcement and other advisory bodies as applicable by Bank Negara Malaysia to ensure that the organization maintains a strong security posture. \xef\x83\xbc Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third-party risk. \xe2\x80\xa2 Lead due diligence and post integration activities related to information security for applicable Mergers & Acquisitions (M&A) activity Experience and Skill Set: \xef\x83\xbc Bachelor\'s Degree in computer science, engineering, or a related field; (graduate degree preferred). \xef\x83\xbc Professional certifications, such as; o CISSP o CISA o CISM o CRISC o CDPSE o OSCP o ITIL o ISO o etc. \xef\x83\xbc Update plan and maintenance of all industry recognized professional certifications including continuous professional education. \xef\x83\xbc Minimum 10 years of IT and/or business leadership experience, and 8+ years of information security/cybersecurity experience. \xef\x83\xbc A proven track record in developing information security policies and procedures, and successful execution. \xef\x83\xbc Extensive knowledge of business risk, risk assessment and risk-based decision making. \xef\x83\xbc Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms), including board level. \xef\x83\xbc A natural influencer and coalition builder; passionate about building high performing teams. \xef\x83\xbc Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals; an innovative leader, problem solver and advisor. \xef\x83\xbc Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function. \xef\x83\xbc Excellent written and verbal communication, interpersonal and collaborative skills. \xef\x83\xbc Experienced with contract and vendor negotiations. \xef\x83\xbc Knowledge of security, risk and control frameworks and standards such as ISO 27001 and 27701, NIST, CIS, PCI DSS, Bank Negara Malaysia and other applicable standards/regulations. \xef\x83\xbc Understanding of cloud, on-premise, & IoT architectures, and their implications on information security strategy. \xef\x83\xbc Technical acumen including but not limited to: OSI, IT infrastructure, cloud, application security, tools and frameworks, database technologies, web technologies, network architecture and Identity Access Management/Privileged Access Management services. \xef\x83\xbc Security technology acumen and experience including but not limited to: firewall, intrusion detection, cyber-attack tools and defences, encryption, certificate authority, web filtering, anti-malware, email security/gateways, directory services, multi factor authentication.
MobilityOne Limited (LSE: MBO.UK) incorporated in Jersey and is listed on AIM of the London Stock Exchange. The group is a leading solution provider for electronic transactions and payments in Malaysia. Our core competencies lie in providing a bridge between the service providers to their end consumers using our technology to accept transactions via multiple channels either via mobile phones, Internet, electronic data capture terminals and even via banking channels like Internet banking portal, automated teller machines (ATM) and mobile banking. Our services are utilised by mobile operators, transportation, financial institutions, hypermarkets, retailers and many other types of services providers requiring payment and transactional technology. MobilityOne has 2 main business pillars which creates a payment eco-system consisting of more than 2,000 retail points and 8 banking partners (collective coverage of more than 10 million account holders)
Bachelor\'s or Equivalent