Job Code

JD-20248

JOB DESCRIPTION

Knowledge in information security, specifically in compliance assessment, policy development, and industry standard frameworks such as ISO 27001, PCI-DSS, NIST, CIS, etc., preferably gained in the Financial Services sector; experience in service continuity would also be desirable  Knowledge in regional FSI regulator’s requirements and guidelines such as MAS, BI, BSP, BNM RMIT, PBOC, HKMA etc  Knowledge of network components and related protocols, security products/solutions/concept; the incumbent should also have a sound understanding of the vulnerabilities in operating systems, databases and major applications and must possess the necessary knowledge to mitigate these vulnerabilities  Experience in designing enterprise and specific operational level security policies, standards and processes (like email & internet policy, password management process, etc)  Experience in handling training classes. Possess strong presentation and negotiation skills  Strong written and verbal communication skills in English in order to clearly disseminate security messages and practices to all staff, for contributing to security policy and process documentation and present ideas in business-friendly language  Experience in liaison with various stakeholders

Experience Required

5 - 10 Years

Industry Type

IT

Employment Type

Permanent

Location

Malaysia

Roles & Responsibilities

Responsibilities:  Propose and update the Group IT Security Policies and Standards including Regional & Overseas Units in ensuring that all local regulators’ requirements and industry best practise are captured and adhere to  Develop Regional IT Security Governance processes to align with the Bank’s strategy and aspirations  Justify and assess IT Risk associated with project in ensuring the Confidentiality, Integrity and Availability’s risks are mitigated to an acceptable level  Enforcement and proactively provides IT security consultancy/ advisory services on policies, standards and best practices across the Group  Interpret regional countries regulatory compliance and enforce in Maybank Group based on Intra- Outsourcing arrangement  Enable the security assessment exercise is conducted and remediated in a timely manner  Promote IT Security Processes by conducting IT Security Governance awareness program to all project team and MSS team  Evaluate change and firewall request to guarantee conformance to the Bank’s policies and standard  Safeguards information system assets by identifying and solving potential and actual security problems

Expertise & Qualification

Requirements :  Possess professional qualification with minimum Bachelor Degree in Computer Science majoring in Security or Network or Computer System  Knowledge in information security, specifically in compliance assessment, policy development, and industry standard frameworks such as ISO 27001, PCI-DSS, NIST, CIS, etc., preferably gained in the Financial Services sector; experience in service continuity would also be desirable  Knowledge in regional FSI regulator’s requirements and guidelines such as MAS, BI, BSP, BNM RMIT, PBOC, HKMA etc  Knowledge of network components and related protocols, security products/solutions/concept; the incumbent should also have a sound understanding of the vulnerabilities in operating systems, databases and major applications and must possess the necessary knowledge to mitigate these vulnerabilities  Experience in designing enterprise and specific operational level security policies, standards and processes (like email & internet policy, password management process, etc)  Experience in handling training classes. Possess strong presentation and negotiation skills  Strong written and verbal communication skills in English in order to clearly disseminate security messages and practices to all staff, for contributing to security policy and process documentation and present ideas in business-friendly language  Experience in liaison with various stakeholders