Cyber Security Compliance Officer

**Cyber Security & TRM Governance**:

- Develop, mature and operationalising cybersecurity framework, policies, procedures, guidelines and baseline standards within the organisation.
- Champion the cyber strategy, planning and execution of enterprise cyber security solutions for the organisation.
- Ensure cybersecurity best practices are embedded within new initiatives, ongoing change management and evaluate the security impact of the initiatives.
- Drive internal Cyber Security Risk Assessments (i.e. planning, developing and executing) including 3rd party due diligence reviews, cybersecurity assurance activities, as well as audit readiness reviews and drive timely resolution.
- Validate effectiveness of current security controls and identify potential gaps.
- Provide advisory services on cybersecurity matters to internal stakeholders.
- Ensure organisational compliance with internal Security policies, standards and procedures, as well as external requirements (e.g., ISO27001, Market specific as well as Global Data Protection regulations including GDPR).
- Drive cybersecurity awareness within the organisation, formulating learning curriculum, rolling out training modules ensuring completion remains above agreed metrics.
- Proactively support in organisational roadmap towards maintaining relevant credentials including Trustmark, ISO27001 compliance and establishing SOC2 compliance report.

**Cyber Security & Technology Risk Operations**:

- Implement and administer IT security devices and related systems (e.g. patch management, endpoint security, etc)
- Involve in SOC implementation and administration to actively monitor the organisation’s IT environment.
- Perform internal/external threat security assessments and address the gaps by developing mitigation plan and following-up actions and remediation timelines up to closure.
- Respond to security incidents, including resolution and remediation, and continually enhance the capability of the incident response team.
- Implement network security appliances, endpoint protections, IT Development Operations security, and perimeter and cloud security measures.
- Research new security technologies, threats and vulnerabilities and implement relevant cost-effective preventive and detective measures.
- Conduct security awareness training, guidance and cybersecurity exercises.
- Manage and align the Company processes for recommended Cyber Security controls in TRM guideline as applicable to Company’s environment setup.
- Manage risk-controls and exposures in Cyber Security aspect.
- Manage third-party services on internal audit controls & cyber-risk aspects under IT Outsourcing Management.
- Manage and setup framework processes to enhance compliance to risk-control measures.
- Manage third party assessment in terms of Cyber-Tech proficiency and risk controls.
- Work within Compliance Team to manage internal GRC (risk and governance) commitment.

**Qualifications and Skills Requirements**:

- Polytechnic Diploma in Technology Information or its equivalent. University Degree in Computer Science is preferred.
- Certifications in CCSP (ISC2), CISSP (ISC2), CASP (Comptia) or its equivalent is preferred. Certifications in CISA (ISACA), CRISC (ISACA) or its equivalent will be an advantage.
- Demonstrate knowledge of cyber security architecture principles, applicable to perimeter defenses, emerging cyber threats, malware defenses, DLP, cryptography, etc.
- Have detailed and good understanding of implemented technologies, network and systems, in particular with respect to Cloud Computing and Network server infrastructure setups, to continuously improve threat hunting capabilities to address the evolving cyber threats.
- Have solid understanding of the SSDLC process and follows the process to effectively develop and design solutions.
- Strong understanding of relevant Industry Principles, Best Practices, and Standards, such as PCI, NIST, ISO, IEEE, and TCG is a requirement.
- Knowledgeable in regulatory compliance (MAS TRM, ABS, BNM, HKMA, CBRC, etc), international guidelines and others is preferred.
- Experience in managing the implementation of regional and global cyber security projects, initiatives, and operational process in concert with the relevant stakeholders and teams will be an advantage.
- Familiarity in Digital Banking, FinTech and Outsourcing will be an advantage.