Information Security Manager

Puchong, Malaysia

Job Description



Governance

  • Manage independent assessments and advisory relating to information security-related risks to management, MRC, BRMC, SCC, ITGAC, ITSC, PSC and functional heads of business
  • Manage an independent assessment on information security risks and mitigation strategies pertinent to projects, initiatives, operational processes, outsourcing arrangements and systems design/architecture
  • Manage reporting to SEM information security governance committee on information security related matters pertaining to MCIS
  • Support main liaison point with BNM and LIAM regulators on matters pertaining to information security
  • Support the relationship and expectations with BNM, articulate to the company the intention of BNM's rules, and negotiate with BNM to apply the rules in the company practically
Risk
  • Manage implementation, review and revise frameworks, policies and standards on information governance, security, risk management, and compliance
  • Manage risks and non-compliance in accordance with MCIS Insurance's defined risk management methodologies, and within defined risk appetites
  • Support main liaison in the 2nd line function, work in close consultation with the Head of Information Technology (1st line function) and independent auditors (3rd line function) to identify key risk areas for mitigation, or opportunities for improvement and derive value from IT initiatives and investments
  • Support oversight for the execution of security assessments by independent consultants including vulnerabilities and penetration tests, compromise assessment, internal Red-Team exercises and coordinate with IT to resolve issues identified
  • Manage works in close consultation with SEM counterparts to align MCIS' risk management strategies pertaining to information security risks with Sanlam Group Strategy
  • Manage works with business functions to ensure information security-related risks are updated, and correctly tracked in accordance with defined methodologies
  • Manage promoting information security awareness, good governance and good practices across all functional departments
  • Manage keeping apprised of current and emerging technology risks which could potentially affect the company's risk profile
  • Manage assurance that the company's information assets and technologies are adequately protected
  • Support advising senior management on technology risk and security matters, including developments in the company's technology security risk profile in relation to its business and operations
Compliance
  • Manage review and compliance with relevant legal & regulatory frameworks, guidelines, circulars and memos from BNM and LIAM
  • Manage highlighting areas of non-compliance to senior management and establish compliance roadmaps to address gaps in compliance
  • Manage identifying instances of non-compliance and breaches in regulatory requirements and support established policies with relevant business units. Support highlighting such instances to senior management and relevant HODs for appropriate action
  • Manage promoting a strong and healthy compliance culture in the company by raising employee awareness of cyber threats arising from the latest technology developments and changes
Qualification
  • Candidates with one or more of the following certifications or trainings are required: PMP, ITIL, COBIT, CISA, CISSP, CISM, CRISC, CDPSE or CGEIT
Experience
  • Must have a minimum of 7 years' working experience in information security, preferably with at least 3 years in the Financial Services or Insurance industry in a management or consultation capacity
  • Good working understanding of BNM regulatory requirements including (but not limited to) RMiT, PDPA 2012 and all relevant regulatory requirements and frameworks
  • Working experience with ISO27001, 27002, PCIDSS, Technology Risk Management/Cyber Security/Resilience Framework and other industry best practices

Interested candidates, kindly send your updated CV to info@sixdegreeconsulting.com. For more updates on job opportunities: Like us at our Facebook Page https://www.facebook.com/SixDegreeConsulting. Follow our LinkedIn Page: LinkedIn – Six Degree Consulting (Executive Search & Payroll)


Job Detail

  • Job Id
    JD884906
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Puchong, Malaysia
  • Education
    Not mentioned