About the role: Lead end-to-end security and infrastructure for digital banking and capital markets platforms across on-prem, cloud, and hybrid environments. Own the enterprise operation security and part of application security, drive governance, risk, and compliance, and enforce secure-by-design practices across product, platform, and operations, with authority to set strategy, approve controls, and represent the function to clients and regulators.
Key Responsibilities:
Cybersecurity & Risk
Embed security into SDLC and CI/CD: threat modeling (e.g., STRIDE), SAST/DAST/SCA, secrets scanning, IaC scanning, container/image scanning, artifact signing, and SBOM generation; enforce pipeline gates and risk-based exceptions.
Experience in SOC strategy and operations: log ingestion, SIEM/SOAR use cases, threat hunting, alert tuning, and purple-team style continuous improvement.
Run vulnerability management at scale: authenticated scans, prioritization, SLA-based patching, and exec-level reporting.
Govern runtime controls for cloud-native stacks: Kubernetes/container security, admission controls, runtime detection, policy-as-code, and API/WAF protections with rate-limiting and mTLS where required.
Operate endpoint, email, and data protection controls (EDR/XDR, DLP, MDM, anti-phish), plus Zero Trust network segmentation and secure remote access (IAM/PAM, MFA, device posture).
Support internal audits, regulatory inspections, and external assessments; coordinate remediation plans with accountable owners and due dates.
Establish and maintain a policy suite, control standards, and a risk register tied to business objectives and risk appetite.
Implement the secure coding standards, secure code reviews, and developer enablement through playbooks, patterns, and training.
Direct incident response across Detect-Respond-Recover: playbooks, tabletop exercises, forensics handling, evidence chain, post-incident reviews, and lessons-learned backlog.
Own the information security management system and control framework aligned to ISO/IEC 27001:2022, PCI DSS 4.0, NIST CSF 2.0 (incl. Govern), CIS Controls v8, and applicable SEA banking regulations (e.g., SBV, MAS TRM, Bank Negara RMiT).
Infrastructure Management
Architect and operate secure, scalable infrastructure across multiple sites: identity-centric controls, network micro-segmentation, key management, backups, and immutable recovery patterns.
Partner with DevOps teams on performance, reliability, and cost controls, ensuring security controls are observable and automation-friendly in the cloud environment.
Implement all infrastructure-related activities, including Internet, devices, Wi-Fi, and mainly the Microsoft 365 ecosystem.
Team & Vendor Leadership
Build and mentor a high-performance team; establish on-call procedures, runbooks, and career paths.
Manage security vendors and MSSPs, negotiate SLAs, and hold annual business reviews.
Train staff on security awareness and operational resilience.
Foster a culture of automation, accountability, and proactive monitoring.