Head of IT Security and Governance Department

I. Job Summary

The job holder is responsible for all ICT security matters and all ICT Governance matters of ICT Division. The job holder also ensures ICT risks are under control and all ICT audits are within acceptance levels. In addition, the job holder also co-work with all relevant IT departments to have secured and smooth operational applications.

II. Key Roles & Responsibilities

1. IT Security

• Ensure general system security

• Ensure the security operation and security development

• Perform training on IT Security and security awareness

• Monitor security systems and co-work with IT operations to ensure system security

• Manage incidents and follow up to prevent incidents

• Perform Pen-test, BCP, DR Drill

• In-charge of Internal Audit, SBV Audit, external audit

• Research and propose new security solutions, update security patches and trends to ensure the security is up-to-date

• Design IT security framework to secure IT systems, company data

• Monitor security systems and ensure system safety

2. IT Governance

• Ensure compliance to local regulations (including SBV, CIC) and SHC ICT policies via policy development, process improvement initiative, providing consultancy to users on matters relating to security and governance

• Manage incidents and follow up to prevent incidents

• In-charge of Internal Audit, SBV Audit, external audit: coordinate with teams to provide documents, evidence when having requirements from Auditor. Ensure to follow up to clear findings from auditors

• Report on IT Compliance to SBV and external Authority

• Ensure all systems and ICT operations are complied with all regulations

3. Team management and project management

• Self-motivation and positive mind-set to make influence to the team

• Effectively manage and train up team members with good service mindset and can-do attitude

4. Digital transformation

• Ensure to involve in the Digital transformation process of the company

• Bring new technologies to ensure security

• Ensure solutions evaluation and budget evaluation for security solutions.

1. Qualification

• University Degree majored in Information Technology (master degree is a plus)

• International information security certification - CISSP (Certified Information Systems Security Professional), CompTIA Security is a plus

• Internal Audit certificates is a plus

2. Work Experience

• Minimum 10 years working experience working in systems security with at least 5 years in management role

• Experience in managing security audits and vulnerabilities and threat assessments

• Have experience on Finance/Banking sector

• Good at project management and team management

3. Knowledge

• Security & Governance management

• Team management

• Develop team members

• Project management

• Risk Management & Risk assessment

• Cloud security

• Experience with ISO (ITIL, OWASP, ISO 27001,...)

• DevSecOps

• Financial service industry

• Law

• Knowledge and updates on circulars and decrees of the financial and banking industry

4. Skills

• IT Security

• IT Network/System Administrator

• Reporting

• Information/ Operational Risk

• Market information

• Effective communication skills

• Problem-solving skills

• Effective time management

• Good collaboration

• Incident response skills

• Critical thinking

• Can-do attitude