Job
Description
Knowledge in information security, specifically in compliance assessment, policy development, andindustry standard frameworks such as ISO 27001, PCI-DSS, NIST, CIS, etc , preferably gained in theFinancial Services sector; experience in service continuity would also be desirable Knowledge in regional FSI regulator s requirements and guidelines such as MAS, BI, BSP, BNM RMIT,PBOC, HKMA etc Knowledge of network components and related protocols, security products/solutions/concept; theincumbent should also have a sound understanding of the vulnerabilities in operating systems, databasesand major applications and must possess the necessary knowledge to mitigate these vulnerabilities Experience in designing enterprise and specific operational level security policies, standards andprocesses (like email & internet policy, password management process, etc) Experience in handling training classes Possess strong presentation and negotiation skills Strong written and verbal communication skills in English in order to clearly disseminate securitymessages and practices to all staff, for contributing to security policy and process documentation andpresent ideas in business-friendly language Experience in liaison with various stakeholders Requirements : Possess professional qualification with minimum Bachelor Degree in Computer Science majoring in Security or Network or Computer System Knowledge in information security, specifically in compliance assessment, policy development, and industry standard frameworks such as ISO 27001, PCI-DSS, NIST, CIS, etc , preferably gained in the Financial Services sector; experience in service continuity would also be desirable Knowledge in regional FSI regulator s requirements and guidelines such as MAS, BI, BSP, BNM RMIT, PBOC, HKMA etc Knowledge of network components and related protocols, security products/solutions/concept; the incumbent should also have a sound understanding of the vulnerabilities in operating systems, databases and major applications and must possess the necessary knowledge to mitigate these vulnerabilities Experience in designing enterprise and specific operational level security policies, standards and processes (like email & internet policy, password management process, etc) Experience in handling training classes Possess strong presentation and negotiation skills Strong written and verbal communication skills in English in order to clearly disseminate security messages and practices to all staff, for contributing to security policy and process documentation and present ideas in business-friendly language Experience in liaison with various stakeholders Responsibilities: Propose and update the Group IT Security Policies and Standards including Regional & Overseas Unitsin ensuring that all local regulators requirements and industry best practise are captured and adhere to Develop Regional IT Security Governance processes to align with the Bank s strategy and aspirations Justify and assess IT Risk associated with project in ensuring the Confidentiality, Integrity andAvailability s risks are mitigated to an acceptable level Enforcement and proactively provides IT security consultancy/ advisory services on policies, standardsand best practices across the Group Interpret regional countries regulatory compliance and enforce in Maybank Group based on Intra-Outsourcing arrangement Enable the security assessment exercise is conducted and remediated in a timely manner Promote IT Security Processes by conducting IT Security Governance awareness program to all projectteam and MSS team Evaluate change and firewall request to guarantee conformance to the Bank s policies and standard Safeguards information system assets by identifying and solving potential and actual security problems
