Oversee the implementation of PayNet\'s cybersecurity and information security strategy through appropriate management channels to realize cybersecurity objectives and enhance security capabilities.
Evaluate and update the strategy to ensure alignment with overall business goals and industry standards in cybersecurity.
Establish and enforce directive controls, validate internal security measures, and ensure compliance with security protocols.
Collaborate with stakeholders to evaluate cyber, ecosystem, and technology risks.
Coordinate and sustain monitoring of cyber and ecosystem risks.
Undertake additional tasks assigned by Risk & Compliance management.
Lead and supervise team members, setting performance goals, facilitating professional growth, and enhancing skills.
Collaborate with units within the CISO Office and Risk and Compliance departments to advance risk management at PayNet.
Key areas of responsibilities:
Coordinate, plan, manage, and lead work packages for cybersecurity and ecosystem risk and project execution for departmental team members.
Offer expert insights to shape the collective information security strategy, ensuring future security investments align with critical priorities like business needs and industry threat landscape.
Foster regular engagement and proactive collaboration with business and technology teams, ensuring cybersecurity strategies meet both business and technical requirements.
Analyze market and industry trends to adapt security strategies accordingly.
Stay abreast of current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy, providing advanced advice and readiness for full compliance.
Design, develop, execute, or supervise cyber risk management, incident management and response, threat intelligence, and overall security monitoring.
Monitor, report on, and suggest improvements for overall threat and vulnerability management processes and procedures.
Take part in periodic information systems risk assessments, including those linked with developing new or significantly enhanced business applications.
Develop, execute, and sustain cyber risk monitoring for the ecosystem involving PayNet\'s participants and critical service providers.
Draft and periodically update information security policies, architectures, standards, and other technical requirement documents to enhance information security at PayNet.
Act as the secretariat for the Internal Security Forum (ISF).
Conduct regular security reviews, risk assessments, thematic reviews, and offer advisories and practical recommendations to address security issues.
Enhance and refine the management of cybersecurity risks and overall CISO operations through process improvements, data analytics, or automation.
Lead and manage team members, including setting performance metrics, identifying personal and career development opportunities, providing coaching and guidance, and enhancing skills and capabilities.
Oversee and supervise the CISO team in their day-to-day security governance and compliance activities, including additional tasks such as cyber response and threat intelligence as necessary.
Execute or assist in tasks related to the department\'s function as delegated by the Director of Risk and Compliance or CISO as they arise.
QUALIFICATIONSMINIMUM QUALIFICATIONS
Bachelor\'s degree in Information Technology (IT), Computer Science, or a related field, coupled with substantial experience in managing cyber risks within financial market infrastructures, critical national infrastructure, military, security intelligence, or equivalent sectors.
A minimum of 15 years of professional experience, with at least 10 years dedicated to cyber and information security governance, risk management, compliance, and related domains.
Proven track record of managing and leading teams of various sizes.
Demonstrated ability to provide security guidance to diverse stakeholders.
Strong background in project management.
Professional certifications such as CISM, CISA, CISSP, or equivalents.
TECHNICAL SKILLS
Hands-on understanding of industry frameworks for cyber and information security, including NIST Cyber Security Framework, COBIT, ISMS, PCI DSS, PDPA, GDPR, and RMiT from Bank Negara Malaysia.
Comprehensive knowledge of end-to-end IT operations and their alignment with business, risk management, compliance processes, and IT security.
Profound understanding of security operations, management, assessment, incident response, threat intelligence, and monitoring.
Proficiency in defense-in-depth strategies and associated security technologies, encompassing endpoint protection, network access control, VPNs, file integrity monitoring, firewalls, IDS/IPS, SIEM, and identity management.
Previous experience in designing, implementing, and operating security solutions, or familiarity with various security technologies.
Demonstrated expertise in threat actor Tactics, Techniques, and Procedures (TTPs) and corresponding mitigation strategies.
Prior exposure to securing public cloud environments, including AWS and Azure.
Proven ability to address zero-day threats, intrusions, malware infections, and adeptness in analysis techniques.
KEY REQUIREMENTS
Understanding of cyber security risks inherent in both internal PayNet operations and external payments ecosystems.
Knowledge of international, regional, and local regulatory requirements, guidelines, and standards pertaining to cyber security, data protection, and privacy, especially within the financial sector.
Experience and familiarity with implementing leading practices, standards, frameworks, and guidelines for managing cyber security risks and incident management.
Proficiency in cyber threat intelligence, incident management and response, conducting attack simulations, and coordinating blue, red, and purple team exercises.
Experience in information and cyber security strategy planning, as well as security architecture design and evaluation.
Effective communication, collaboration, and presentation skills, with the ability to convey complex concepts in clear language and graphics, tailored to both business and layman audiences.
Comprehensive understanding of security operations, management, IT and network infrastructure, technology and solution architecture, and overall IT operations and service management.
Familiarity and experience with designing and implementing security technologies and solutions, particularly in the realm of security monitoring and detection, such as SIEM, SOAR, and overall security operations center operations and management.
Experience in team management and leadership, with demonstrated ability to collaborate across functions and domains.