Head of Cybersecurity

Kuala Lumpur | Posted 3 weeks ago
Full-time | Remote

Job Description

About the Role:

  • Lead, design and implement cybersecurity controls, frameworks, strategies, risk assessments and governance, based on policies and best practices, to achieve cohesive and complete cyber resilience and compliance across the bank

What You'll Do:

Cybersecurity Governance & RMIT Compliance

  • Own the bank's cybersecurity strategy, framework and controls, aligned to BNM's Risk Management in Technology (RMIT) policy document and the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover)
  • Serve as the primary point of accountability for technology and cyber risk reporting to senior management, the Board Risk Committee, and BNM — including KCIs, dashboards, and regulatory submissions
  • Oversee vulnerability management, penetration testing schedules, and remediation tracking; ensure findings are resolved within agreed SLAs
  • Provide governance over security architecture decisions — including network design reviews, firewall rule changes, and application security reviews through the Change Approval process
  • Lead the bank's threat intelligence and incident response posture; coordinate with regional security partners and ensure the bank maintains a tested, RMIT-compliant incident response plan
  • Champion security awareness programmes and embed a security-first culture across engineering and operations

Leadership & Cross-Functional Accountability

  • Build and lead specialist teams within Cybersecurity using Team Topologies principles — enabling stream-aligned product teams through platform and enabling team structures
  • Contribute to the bank's BNM foundational phase graduation plan, including evidence preparation for technology risk
  • Participate in enterprise risk governance and represent the technology assurance functions in Board-level and regulatory forums

What We're Seeking:

  • Bachelor's degree or higher in Cyber Security, Information Security, Computer Sciences, Information Systems/Technology, or related field, or equivalent work experience 
  • Minimum 12 years of technology experience, with at least 5 years in a leadership role
  • Solid understanding of the latest information security principles, techniques and protocols, and of industry-standard IT governance best practices (e.g. ISO 27001, NIST, ITIL, PCI-DSS)
  • Prior experience in a regulated financial institution (bank, insurer, or fintech under central bank supervision) is strongly preferred; digital bank or neobank experience is a significant advantage
  • Demonstrated track record of building and scaling technology assurance teams from early-stage through regulated go-live
  • Well-versed in BNM regulatory frameworks: RMIT, Outsourcing Policy, Business Continuity Management, and Management of Customer Information — you understand what 'compliant' actually means in practice, not just on paper
  • Solid working knowledge of cybersecurity principles (ISO 27001, NIST CSF, PCI-DSS)
  • Understanding of Malaysian payment infrastructure: PayNet, DuitNow, FPX, RPP — and the operational reliability requirements these integrations impose
  • Disciplined in developing and enforcing policies, standards and procedures
  • Driven, delivery-focused self-starter and team player with effective leadership and interpersonal skills, strategic thinking, and the ability to build strategic collaborations
  • Excellent oral and written communication skills

What We Value:

  • Open-mindedness and constructive communication, fostering an environment of mutual support and growth.
  • Responsibility and ownership, with a strong sense of accountability.
  • Commitment to teamwork and achieving shared goals.
  • Customer focus and dedication to delivering results.
  • A proactive approach to leading change and innovation.
JR00000570

Head of Cybersecurity at Rytbank | Renata