Chief Information Security Officer (CISO)

Chief Information Security Officer (CISO)

• Manage and maintain IT and cyber risk policies & framework and ensure appropriate and effective implementation within the respective business units in the Bank and aligned to the organization’s mission, strategic goals and objectives while complying with all regulatory guidelines.
• Develop and ensure IT and cyber risk policies, guidelines and manuals and other key documents comprising policies regarding IT and cyber risk are in place.
• Develop and review IT and cyber risk management methodologies and tools in assessing and managing the day-to-day IT and cyber risk in respective business sectors and ensure compliance with IT and cyber risk management policies, procedures and regulatory requirements.
• Develop and review adequacy of IT and cyber risk policies and procedures for effective IT and cyber risk control in light of possible changes to system and threats.
• Formulate IT and cyber risk reporting for Management and Board level committee of the Bank including IT and cyber Risk Dashboard on IT and cyber risk exposure, key risk indicators, loss experience and risk profile of the Bank.
• Drive and manage the IT and cyber risk reporting process and awareness to ensure effective implementation of IT and cyber risks including emerging risk issues that could impact the Agrobank’s risk profile and appetite.
• Propose and develop strategies to inculcate IT and cyber risk culture throughout the bank and develop awareness and accountability for inherent risks and control.
• Promote best practices for control functions within the business and support units.
• Identify, manage, strengthen and alert Management on key residual risks.
• Work closely with Operational Risk Management, IT Internal Audit, Compliance and other key control functions for integrated control reviews.
• Build and maintain strong relationships with Information Technology Department, Digital Banking Department and Product Support & Operation Department to improve bank’s IT and cyber risk profile.
• Conduct review on IT and cyber risks and recommend enhancements to the process/systems to control the risks.
• Strategize the implementation of control gaps and propose action plans identification process to ensure controls are being practiced consistently.
• Plan, organize and facilitate risk management training and workshops in order to cultivate risk awareness culture.
• Serve as an internal risk consultant to the Management and business/support units.
• Perform advisory role to business and support unit in managing the IT and cyber risk within their respective function.
• Provide sign-off/validation regarding IT and cyber risk for introduction of product/services, internal control document, outsourcing activities, project management etc.
• Recommend internal control improvement as and when necessary.
• Consult the Management on strategic implementation from the bank perspective to elevate and improve IT control to mitigate risk exposure.
• Perform leadership roles and manage opportunities for human capital/team development.
• Encourage subordinates to enrich IT and cyber risk knowledge through training and certification.
• Encourage participation/exposure to management forum and managerial tasks.
• Create opportunities for career development.
• Provide support, education and training to staff to build risk awareness.

• Bachelor Degree in Information Technology or related discipline.
• Certified IT Security Professional.

• Preferably more than 5 years in IT and cyber risk management at management level of an established financial services institution.
• Broad knowledge of various IT and cyber risk management approaches and their application within the context of holistic risk management framework.
• Good knowledge of a broad range of banking products, risk management tools and techniques.
• Understand the Bank’s strategies and objectives, business model and banking financial landscape.
• Strong analytical, interpersonal and communication skills.
• A team player with the ability to work independently.
• Experience in dealing with local regulatory body such as Bank Negara Malaysia in subject matter.