Ejobskini Portal Jawatan Kosong Terkini Malaysia
Jawatan Kosong Chief Information Security Officer (CISO) di [SYARIKAT]
KETERANGAN JAWATAN KOSONG
Description Job Descriptions: Experience and Skill Set: Update plan and maintenance of all industry recognized professional certifications including continuous professional education. MobilityOne Limited (LSE: ******) incorporated in Jersey and is listed on AIM of the London Stock Exchange. The group is a leading solution provider for electronic transactions and payments in Malaysia. Our core competencies lie in providing a bridge between the service providers to their end consumers using our technology to accept transactions via multiple channels either via mobile phones, Internet, electronic data capture terminals and even via banking channels like Internet banking portal, automated teller machines (ATM) and mobile banking. Our services are utilised by mobile operators, transportation, financial institutions, hypermarkets, retailers and many other types of services providers requiring payment and transactional technology. MobilityOne has 2 main business pillars which creates a payment eco-system consisting of more than 2,000 retail points and 8 banking partners (collective coverage of more than 10 million account holders)
Lead Compliance, Certification & Audit activities pertaining to Information Security.
Develop and implement a strategic, long-term information security strategy and roadmap to ensure that MobilityOne’s information services and assets are adequately protected as per company’s risk appetite.
• To determine and enact MobilityOne’s Risk Tolerance Level while working with senior leaders across the business
Identify, evaluate and report on information security risks, practices and projects to the C-Suite and the GRC Steering Committee, and provide expertise on security standards, regulations and best practices (e.g., SOC II, PCI, ISO 27001, NIST, CIS, Bank Negara Malaysia etc.).
Develop, mentor, and manage a high performing staff of information security professionals.
• Chair the information security steering committee (subset of GRC Steering Committee)
• Develop the GRC Steering Committee and Board’s understanding of security beyond a ‘compliance-only’ view.
Ensure that the security management program is in compliance with applicable laws, regulations, and contractual requirements.
Act as the champion for the enterprise information security program and foster a security-aware culture.
Oversee the evaluation, selection and implementation of information security solutions that are innovative, cost-effective, and minimally disruptive.
Partner with enterprise architects, infrastructure, and applications teams to ensure that technologies are developed and maintained according to security policies and regulations.
Build and oversee enterprise-wide strategic and tactical programs for:
• Incident and Breach Management (incident response planning and the investigation of security breaches, and assist with any associated disciplinary, public relations and legal/compliance matters)
• Identity and Access Management
• Enterprise Information Architecture Gap Analysis and Hardening
• Security Engineering, Operations and Assessments
• GRC (Policies & Procedures, Consolidation of regulatory/contractual requirements, internal & external audits, security best practices and guidelines) and oversee their approval, dissemination, and maintenance
• Secure System and Software Development Lifecycle
• Vulnerability and Patch Management
• Prepare Business Continuity and Disaster Recovery Plan
• Data Leak and Fraud Prevention
Develop business metrics to measure the effectiveness of the security management program, and increase the maturity of the program over time.
Monitor the industry and external environment for emerging threats and advise relevant stakeholders on appropriate courses of action to maintain acceptable cyber risk posture.
Liaise with the law enforcement and other advisory bodies as applicable by Bank Negara Malaysia to ensure that the organization maintains a strong security posture.
Oversee and lead the creation, communication and implementation of a process for managing vendor risk and other third-party risk.
• Lead due diligence and post integration activities related to information security for applicable Mergers & Acquisitions (M&A) activity
Bachelor’s Degree in computer science, engineering, or a related field; (graduate degree preferred).
Professional certifications, such as;
o CISSP
o CISA
o CISM
o CRISC
o CDPSE
o OSCP
o ITIL
o ISO
o etc.
Minimum 10 years of IT and/or business leadership experience, and 8+ years of information security/cybersecurity experience.
A proven track record in developing information security policies and procedures, and successful execution.
Extensive knowledge of business risk, risk assessment and risk-based decision making.
Able to communicate security and risk-related concepts to both technical and non-technical audiences (in business terms), including board level.
A natural influencer and coalition builder; passionate about building high performing teams.
Ability to inspire and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals; an innovative leader, problem solver and advisor.
Ability to evangelize IT security to make it a critical part of business operations; build trust and respect for the security function.
Excellent written and verbal communication, interpersonal and collaborative skills.
Experienced with contract and vendor negotiations.
Knowledge of security, risk and control frameworks and standards such as ISO 27001 and 27701, NIST, CIS, PCI DSS, Bank Negara Malaysia and other applicable standards/regulations.
Understanding of cloud, on-premise, & IoT architectures, and their implications on information security strategy.
Technical acumen including but not limited to: OSI, IT infrastructure, cloud, application security, tools and frameworks, database technologies, web technologies, network architecture and Identity Access Management/Privileged Access Management services.
Security technology acumen and experience including but not limited to: firewall, intrusion detection, cyber-attack tools and defences, encryption, certificate authority, web filtering, anti-malware, email security/gateways, directory services, multi factor authentication.
Maklumat Tambahan Jawatan Kosong
Tahap Pekerjaan : Not Specified
Kelayakan : Computer/Information Technology, IT-Network/Sys/DB Admin
Pengalaman Kerja :
Jenis Kerja : Contract
Pengkhususan Kerja : Computer/Information Technology, IT-Network/Sys/DB Admin / 508, 193
Maklumat Syarikat Majikan, [SYARIKAT]
MobilityOne is an established Malaysian financial service provider company, listed in the UK with an MSC status. We operate a number of e-services and provide payment solutions to numerous of Banks and telecommunication companies in Malaysia and other South East Asia countries. These e-services include electronic payment, prepaid reload, bill payment and remittance. Our solutions include mobile banking and payments, e-commerce, debit payments, and agent banking.
Maklumat Tambahan Syarikat [SYARIKAT]
Saiz Syarikat : 51 – 200 Employees
Masa Pemprosesan Permohonan :
Industri : Telecommunication
Elaun dan Lain-lain : Dental, Miscellaneous allowance, Medical, Loans, Regular hours, Mondays – Fridays, High insurance coverage, Annual Team Building, Training,, Smart Casual except BD & Sales Staff who are required to go for meeting
Lokasi : Kuala Lumpur