GoKardz
IT Security Governance
IT Security (3)
Kuala Lumpur, Kuala Lumpur, Malaysia
Full Time/Permanent
First Shift (morning)
Onsite
Posted on Dec 06, 2024
Qualifications Required
Graduate
Experience Required
6 - 10 years
Description

JOB PURPOSE :

  1. Propose and update the Group IT Security Policies and Standards, including Regional & Overseas Units, to ensure that all local regulators’ requirements and industry best practices are captured and adhered to
  2. Develop Regional IT Security Governance processes to align with the Bank’s strategy and aspirations
  3. Justify and assess IT risk associated with projects to ensure that Confidentiality, Integrity and Availability risks are mitigated to an acceptable level
  4. Enforce and proactively provide IT security consultancy/advisory services on policies, standards and best practices across the Group
  5. Interpret regional countries’ regulatory compliance requirements and enforce them in Maybank Group based on the Intra-Outsourcing arrangement
  6. Enable the security assessment exercise to be conducted and remediated in a timely manner
  7. Promote IT Security Processes by conducting IT Security Governance awareness programmes for all project teams and the MSS team
  8. Evaluate change and firewall requests to guarantee conformance to the Bank’s policies and standards
  9. Safeguard information system assets by identifying and solving potential and actual security problems

PART 3: KEY ACCOUNTABILITIES & OUTCOMES

This part covers the main areas in which the job must achieve end results to fulfil its purpose. Maximum of 8 Key Accountabilities only.

Each accountability is listed with its supporting activities (the key activities you are expected to achieve, starting with the most important), the outcomes/deliverables targeted, and the major challenges in achieving the outputs.

Accountability: Support in reviewing and updating the Group IT Security Policies and Standards, including Regional & Overseas Units, to ensure that all local regulators’ requirements and industry best practices are captured and adhered to

Supporting Activities:
1. Review local IT Security Policies and Standards
2. Perform gap analysis and engage the Regional IT Security representative to discuss the gaps
3. Provide recommendations on the Group IT Security Policies for Unit Head and Section Head review
4. Produce communication to the enterprise via the Portal or internal communications if required

Outcomes/deliverables:
1. Robust, standardized, industry-standard Group IT Security Policies and Standards

Challenges:
· Managing users and outsourcers to provide timely responses for day-to-day activities in meeting business objectives
· Obtaining an understanding of regional and overseas units’ regulatory requirements to ensure compliance
· Supporting Group-wide IT Security Governance processes
· Proposing Group IT Security Policies and Standards that can be used across the Group in view of different local business and regulators’ requirements
· Conducting research and recommending control measures to establish and enforce compliance with the company Group’s IT Security policies and standards
· Presenting IT Security Governance Awareness to the respective sectors within the company through various platforms (workshop, email communication)
· Supporting various parties, including business users, branch networks, internal IT, service partners and providers, to ensure compliance with company Shared Services Compliance/Security Policies and Standards
· Conducting reviews of existing system security controls and processes and looking for ways to make existing IT Security processes more efficient and effective via the Continuous Improvement Programmes
· Checking for non-compliance against the business requirements by assessing the risk exposure and providing appropriate recommendations

Accountability: Develop Regional IT Security Governance processes to align with the Bank’s strategy and aspirations

Supporting Activities:
1. Participate in discussions with the regional IT Security representative to understand the current local IT Security Governance process and the challenges faced
2. Establish a streamlined IT Security Governance process to be used across the Group
3. Recommend the streamlined process to the Unit Head and Section Head

Outcomes/deliverables:
1. Standardized Group IT Governance Process ensuring the Bank is protected from Confidentiality, Integrity and Availability risks
2. Effective IT Security Governance across the Group
3. Increased compliance level across the Group by enforcing the same processes

Accountability: Justify and assess IT risk associated with projects to ensure that Confidentiality, Integrity and Availability risks are mitigated to an acceptable level

Supporting Activities:
1. Enable the IT Risk Management process
2. Provide active guidance and consultation to the team on IT Security matters
3. Communicate and discuss the associated risks and their mitigation with the respective parties

Outcomes/deliverables:
1. Obtain an acceptable level of risk exposure for the Bank
2. Proactively assess and mitigate the risk exposure

Supporting Activities:
1. Be involved in all projects and moderate to major operations
2. Perform assessments to identify potential weaknesses and regulatory breaches
3. Provide security recommendations to stakeholders to ensure compliance with the Bank’s policies and regulators’ requirements
4. Support the proposed improvement plan

Outcomes/deliverables:
1. Maintenance and enforcement of effective IT Security policies and standards
2. Mitigate the risk exposure

Accountability: Interpret regional countries’ regulatory compliance requirements and enforce them in the company Group based on the Intra-Outsourcing arrangement

Supporting Activities:
1. Gather regional countries’ regulators’ requirements, policies and guidelines
2. Map them to existing BNM requirements and identify the gaps
3. Establish a draft Regional Compliance Checklist mapping the regional regulators’ requirements, for review
4. Support the enforcement of regional regulators’ requirements on relevant projects based on scope and criteria

Outcomes/deliverables:
1. Ensure compliance with respective local regulators’ requirements

Accountability: Enable the security assessment exercise to be conducted and remediated in a timely manner

Supporting Activities:
1. Obtain the list of in-scope applications
2. Coordinate with internal and external resources in performing the security assessment
3. Track the end result and remediation, and provide status updates to UH

Outcomes/deliverables:
1. Effective security assessment activity
2. Overall visibility and effective management of major vulnerabilities detected and exposure
3. Mitigate the risk exposure for the Bank
4. Compliance with regulators’ requirements

Accountability: Promote IT Security Processes by conducting IT Security Governance awareness programmes for all project teams and the MSS team

Supporting Activities:
1. Develop the IT Security Awareness slides/material
2. Coordinate with the audiences
3. Provide assistance for the awareness program

Outcomes/deliverables:
1. Effective IT Security Governance process
2. Reduce delay in project implementation due to insufficient documentation

Accountability: Evaluate change and firewall requests to guarantee conformance to the Bank’s policies and standards

Supporting Activities:
1. Review and assess the change and firewall request
2. Ensure the request is in compliance with the Bank’s standards and policies
3. Approve/Reject the request based on the assessment performed

Outcomes/deliverables:
1. Protect the Bank by ensuring the change and firewall requests are in accordance with the Bank’s policies and standards

Accountability: Safeguard information system assets by identifying and solving potential and actual security problems

Supporting Activities:
1. Perform assessment of requests made by users
2. Review the information assets to identify potential security weaknesses and mitigate accordingly

Outcomes/deliverables:
1. Mitigate the risk exposure to an acceptable level
2. Continuous improvement for better protection

EDUCATION, EXPERIENCE, CERTIFICATIONS, SPECIFIC SKILLS & COMPETENCIES :

EDUCATION:

Possess a professional qualification with a minimum of a Bachelor’s Degree in Computer Science, majoring in

  1. Security or
  2. Network or
  3. Computer System

EXPERIENCE :

6 - 10 years of IT Security-related working experience in the Financial Services Industry (FSI)/banking industry or a similar environment

CERTIFICATIONS/REGULATORY CERTIFICATIONS :

Possess professional certifications such as ITIL, COBIT, CISSP, CEH and CHFI

JOB SPECIFIC SKILLS & COMPETENCIES REQUIRED

  1. Knowledge of information security, specifically in compliance assessment, policy development, and industry standard frameworks such as ISO 27001, PCI-DSS, etc., preferably gained in the Financial Services sector; experience in service continuity would also be desirable
  2. Knowledge of regional FSI regulators’ requirements and guidelines such as MAS, BI, BSP, BNM, PBOC, HKMA, etc.
  3. Experience in liaising with various stakeholders
  4. Strong written and verbal communication skills in English in order to clearly disseminate security messages and practices to all staff, contribute to security policy and process documentation, and present ideas in business-friendly language
  5. Experience in handling training classes. Possess strong presentation and negotiation skills
  6. Experience in designing enterprise and specific operational level security policies, standards and processes (like email & internet policy, password management process, etc.)
  7. Knowledge of network components and related protocols, security products/solutions/concepts; the incumbent should also have a sound understanding of the vulnerabilities in operating systems, databases and major applications and must possess the necessary knowledge to mitigate these vulnerabilities
Required Skills
Security governance
ISO 27001
security framework
English
Malay
Salary Range
Up to RM 12,000.00 Per Month
*GoKardz is recruiting on behalf of our client in the Banking sector. Powered by our cutting-edge digital identity platform, this opportunity is part of our platform-driven services that streamline and optimise talent acquisition for leading companies.