Chief Information Security Officer

Petaling Jaya, Selangor, Malaysia

Job Description



About Us

Bjak is focused on providing access to affordable and sustainable financial services for people in ASEAN. Headquartered in Malaysia, Bjak is the largest insurance portal in Southeast Asia. Our main portal, Bjak.com, helps millions find the insurance policy with the best value and highest coverage for them. Our investments in technology such as Custom API, blockchain, trading systems and data science are meant to enable easy access to financial services that were previously inaccessible or difficult to understand.

Our core strengths are in navigating the most complex regulations and environments, creating some of the most innovative products in the world. For instance, we are the first platform globally to simplify and offer investment-linked life and health insurance online, coupled with an instant talk-to-agent service.

If you enjoy building cutting-edge platforms and ecosystems to give equal access to financial services for the masses, speak to us.

Responsibilities

  • Liaise with law enforcement and other advisory bodies as applicable by Bank Negara Malaysia to ensure that the organization maintains a strong security posture.
  • Lead Compliance, Certification & Audit activities pertaining to Information Security.
  • Develop and implement a strategic, long-term information security strategy and roadmap to ensure that information services and assets are adequately protected as per the company's risk appetite.
  • Determine and enact the Risk Tolerance Level while working with senior leaders across the business.
  • Identify, evaluate and report on information security risks, practices and projects to the C-Suite and the GRC Steering Committee, and provide expertise on security standards, regulations and best practices (e.g., RMiT, SOC 2, PCI, ISO 27001, NIST, CIS, Bank Negara Malaysia etc.).
  • Develop, mentor, and manage a high performing staff of information security professionals.
  • Ensure that the security management program is in compliance with applicable laws, regulations, and contractual requirements especially RMiT set by Bank Negara Malaysia.
  • Act as the champion for the enterprise information security program and foster a security-aware culture.
  • Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
  • Partner with enterprise architects, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and regulations.
  • Build and oversee enterprise-wide strategic and tactical programs for:
      • Incident and Breach Management (incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal/compliance matters)
      • Identity and Access Management
      • Enterprise Information Architecture Gap Analysis and Hardening
      • Security Engineering, Operations and Assessments
      • GRC (Policies & Procedures, Consolidation of regulatory/contractual requirements, internal & external audits, security best practices and guidelines) and oversee their approval, dissemination, and maintenance
      • Secure System and Software Development Lifecycle
      • Vulnerability and Patch Management
      • Prepare Business Continuity and Disaster Recovery Plan
      • Data Leak and Fraud Prevention
  • Develop business metrics to measure the effectiveness of the security management program, and increase the maturity of the program over time.
  • Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action to maintain acceptable cyber risk posture.
  • Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third-party risk.
  • Lead due diligence and post-integration activities related to information security for applicable Mergers & Acquisitions (M&A) activity.
Requirements:
  • Bachelor's Degree in computer science, engineering, or a related field (graduate degree preferred).
  • Professional certifications, such as CISSP, CISM, CRISC, CDPSE, OSCP, ITIL, ISO.
  • Plan for updating and maintaining all industry-recognized professional certifications, including continuous professional education.
  • Minimum 10 years of IT and/or business leadership experience, and 8+ years of information security/cybersecurity experience.
  • A proven track record in developing information security policies and procedures, and successful execution.
  • Extensive knowledge of business risk, risk assessment and risk-based decision making.
  • Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms), including board level.
  • A natural influencer and coalition builder; passionate about building high performing teams.
  • Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals; an innovative leader, problem solver and advisor.
  • Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.
  • Excellent written and verbal communication, interpersonal and collaborative skills.
  • Experienced with contract and vendor negotiations.
  • Knowledge of security, risk and control frameworks and standards such as RMiT, ISO 27001 and 27701, NIST, CIS, PCI DSS, Bank Negara Malaysia and other applicable standards/regulations.
  • Understanding of cloud, on-premise, & IoT architectures, and their implications on information security strategy.
  • Technical acumen including but not limited to: OSI, IT infrastructure, cloud, application security, tools and frameworks, database technologies, web technologies, network architecture and Identity Access Management/Privileged Access Management services.
  • Security technology acumen and experience including but not limited to: firewall, intrusion detection, cyber-attack tools and defences, encryption, certificate authority, web filtering, anti-malware, email security/gateways, directory services, multi-factor authentication.
Benefits:
  • Be at the forefront of tackling the hardest problems within the financial services industry
  • Team culture - highly practical and results-oriented
  • Free training and development to constantly improve yourself
  • Subsidized insurance coverage for medical and life insurance
  • Great lifestyle - gym memberships, free weekly lunch, rebates, free trips and many more

Bjak



Job Detail

  • Job Id
    JD997536
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Petaling Jaya, Selangor, Malaysia
  • Education
    Not mentioned