SM, IT Security & Governance
Posted on: 5/11/2024
Kuala Lumpur
Permanent
Financial Services
A leading life insurance company in Malaysia, combining global expertise in insurance with local banking knowledge. With a broad range of products and a customer-focused approach, the company aims to meet the diverse financial needs of Malaysian individuals, families, and businesses. Its commitment to digital innovation, customer service, and corporate social responsibility has helped it build a strong presence in the market.
Job Overview:
The Senior Manager, IT Security and Governance, will be responsible for ensuring that the company adheres to regulatory and compliance standards, while establishing and managing a robust IT security framework. The incumbent will play a crucial role in maintaining effective governance and mitigating security risks by leading IT audits, security controls implementation, and policy compliance. Additionally, this role requires maintaining a strong connection with banks and financial institutions to stay informed on regulatory updates, industry best practices, and emerging threats specific to the financial and insurance sectors.
Key Responsibilities:
Governance & Compliance:
- Ensure the company is fully compliant with internal IT security policies, industry standards, and regulatory requirements (e.g., PDPA, financial regulations, insurance guidelines).
- Maintain strong relationships with regulatory bodies, including banking institutions and financial regulators, to receive timely updates on regulatory changes and compliance requirements.
- Implement and oversee governance frameworks that align with the company’s IT strategy, business objectives, and compliance requirements.
- Monitor, report, and escalate any deviations from compliance standards to senior management.
IT Security Controls & Risk Management:
- Lead the review, recommendation, and implementation of effective IT security controls and measures to mitigate risks and enhance overall security.
- Assess current IT infrastructure, identify vulnerabilities, and recommend improvements to protect the organization's assets from cyber threats.
- Regularly review and update security protocols, policies, and procedures in response to emerging threats and changing business needs.
- Conduct threat intelligence analysis to ensure proactive identification of risks and development of mitigation strategies.
IT Audits and Reviews:
- Support and coordinate with internal and external auditors to conduct IT security and governance audits and reviews.
- Ensure that audit findings and recommendations are addressed in a timely and effective manner, documenting and reporting the results to senior leadership.
- Lead the development of action plans based on audit reviews, ensuring appropriate corrective actions are implemented to address identified gaps.
Policy and Framework Development:
- Develop, update, and enforce IT security policies, standards, and guidelines aligned with the company’s strategic goals and regulatory requirements.
- Establish and maintain a comprehensive IT governance framework, ensuring the consistency of security controls across all IT systems and applications.
- Promote and maintain a culture of security awareness across the organization through training, communication, and ongoing support.
Incident Response & Management:
- Oversee and coordinate the organization's response to security incidents, ensuring rapid and effective resolution.
- Develop, test, and maintain incident response plans and disaster recovery protocols to ensure minimal disruption to business operations.
- Ensure lessons learned from incidents are incorporated into security policies and controls to prevent future occurrences.
Collaboration and Stakeholder Engagement:
- Work closely with business leaders, IT teams, and external vendors to ensure that security considerations are integrated into all technology initiatives.
- Serve as a key advisor to senior management on IT security and governance issues, providing recommendations for enhancing security posture and managing compliance risks.
- Regularly update stakeholders on IT security developments, risks, and compliance status.
Continuous Improvement:
- Stay current with evolving security trends, industry best practices, and regulatory changes in the insurance sector and IT security field.
- Lead initiatives to continuously improve IT security posture, governance, and compliance processes.
Key Requirements:
Education:
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or related field. A Master’s degree is a plus.
- Relevant certifications such as CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or equivalent.
Experience:
- Minimum of 7-10 years of experience in IT security, governance, risk management, or a related field, with at least 3 years in a managerial or leadership role.
- Previous experience in the insurance or financial services sector is highly preferred.
- Proven track record of managing IT security and governance frameworks in a complex regulatory environment.
Skills:
- Strong understanding of regulatory compliance frameworks (e.g., GDPR, PDPA, SOX, ISO 27001, and NIST) and the ability to implement these in a corporate environment.
- Ability to stay up to date with regulatory updates from financial institutions and compliance organizations.
- Experience with security tools and technologies such as firewalls, IDS/IPS, encryption, and SIEM systems.
- Strong knowledge of risk management and IT audit processes.
- Excellent communication skills, with the ability to present technical information to non-technical stakeholders.
- Strong problem-solving abilities, with a focus on proactive risk mitigation and incident management.
Why Join Us?
As the Senior Manager, IT Security and Governance, you will have the opportunity to lead the company's efforts in maintaining a robust IT security framework that ensures compliance with the highest standards and regulatory requirements. Your role will be integral in mitigating risks and protecting the organization’s information assets. You'll also have the opportunity to build strong partnerships with key banks and financial institutions, positioning the company as a leader in security and governance practices within the insurance industry.
Interested candidates are encouraged to apply with an updated resume and cover letter.