1. Create, review and update the Group IT Security Policies, Standards, Procedures, Guidelines, checklist and assessment requirements related to Cloud Security
   • Will be used by Regional & Overseas Units
   • Comply to all local regulators’ requirements and industry best practise are captured and adhere to.
   • Ensure that cloud security policies and assessment questions are aligned with industry best practices (e.g. ISO 27001, NIST, CSA STAR, SOC 2) and regulatory requirements (e.g.BNM RMiT, MAS, OJK, HKMA)
   • Regularly review and update cloud security policies to address emerging threats and changes in the regulatory landscape.

2. Perform comprehensive cloud security assessments for new and existing cloud projects, encompassing both private and public cloud solutions.
   • Review evidence provided by solution provider and third parties such as SOC 2 reports, CSA STAR certifications, attestation reports, and penetration testing results.
   • Conduct technical validation of cloud architecture and configurations to ensure compliance with security policies and standards.

3. Develop Regional IT Security Governance processes to align with the Bank’s strategy and aspirations
4. Liaise and manage business projects and infrastructure upgrades penetration testing and code reviews
5. Enforcement and proactively provides IT security consultancy/ advisory services on policies, standards and best practices across the Group

.

Qualifications

• Education and Experience:
• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Minimum of 2 years of experience in cloud security, cloud governance, or a similar role. A total of at least 3 years of experience in IT security, or infrastructure is required.
• Proven experience in conducting cloud security assessments and technical validations.
• Technical Skills:
• Strong understanding of cloud platforms (AWS, Azure, Google Cloud) and their security features.
• Knowledge of cloud security frameworks and standards (ISO 27001, NIST, CSA STAR, SOC 2).
• Experience with security tools and technologies used in cloud environments (e.g., SIEM, IAM, encryption).