Job Description

Our client, a leading fintech industry player based in Kuala Lumpur, is in search of a Security Assurance Lead. This pivotal role requires strategic vision, strong leadership, and in-depth knowledge of cybersecurity within the financial industry.Responsibilities
Leadership:

• Lead and mentor a team of security specialists and subject matter experts to ensure effective execution of security assurance activities.

Strategy and Planning:

• Develop, implement, and maintain a comprehensive security assurance strategy tailored to the company\'s operating environment, risk profile, industry, and regulatory standards.
• Collaborate with senior management to establish security objectives aligned with the digital bank\'s business goals.

Regulatory Compliance:

• Stay current with local regulations and guidelines issued by Bank Negara Malaysia (BNM) and other relevant authorities pertaining to cybersecurity, data privacy, and financial industry security.
• Perform periodic reviews and provide assurance to risk management committees and boards on the bank\'s security practices and policies, ensuring alignment with BNM\'s requirements and industry best practices.

Thematic Assessments and Review:

• Conduct independent security assessments, penetration testing, lead red team exercises, and compromise assessments to evaluate the effectiveness of security controls.
• Collaborate with internal and external auditors to ensure compliance with regulatory requirements.

Technical Assessments:

• Possess a strong understanding of Cloud, DevOps, Application Security, and related control landscapes.
• Previous experience in conducting and reviewing Penetration Tests and configuration reviews is desirable.

Vendor and Third-Party Security:

• Evaluate and manage the security practices of third-party vendors and partners, ensuring compliance with local regulatory expectations on a thematic basis.

Requirements:

• Bachelor\'s Degree in Computer Science, Information Security, Cybersecurity, or a related field.
• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), OSCP, or industry-specific certifications related to the financial industry in Malaysia.
• 10 years of work experience with a minimum of 3 years experience assessing and/or implementing local cybersecurity regulations, guidelines, and standards, including those issued by BNM and NIST.
• Proficiency in security tools, technologies, and risk assessment methodologies.
• Excellent communication skills, including the ability to communicate effectively with regulators and senior management.
• Strong leadership and collaboration abilities in cross-functional and multicultural environments.
• Analytical mindset with the ability to tailor security strategies to meet business objectives.

Talent Work