• Assist in developing and enhancing information security policy and IT security-related Policies, to align with standard framework including but not limit to ISMS (ISO/IEC/ 27000 series), PCI, NIST;
• Assist in developing and enhancing Manual and Standard Operating Procedure in Information
• Security and Governance Department, and review Manual and Standard Operating Procedure of IT related departments to ensure the alignment with the Bank standard policies and business requirement;
• Assist in conducting control gap analysis program and recommending risk mitigation and control processes for information security and prevent incidents happened through the exercising of IT General Controls testing;
• Assist in performing compliance check and report on ISMS and IT Policy to related department;
• Assist in maintaining appropriate security measures and mechanisms to guard against unauthorized access to critical banking systems and project against reasonably anticipated threats and hazards;
• Assist in reviewing security controls on all new solution implementations;
• Monitor compliance of IT security policies and procedures among employees, contractors, alliances, and other third parties and referring problems to appropriate related stakeholders;
• Develop and conduct training on Information Security awareness program to all staffs to bring security into the forefront and make it a recognized entity for users, or establish foundation of security understanding across the entire bank and to ensure all system users effective
• Coordinate or act as a liaison between IT department and internal auditor, external auditor, compliance entity and/or NBC effectively;
• Keep assessment, evidence and other compliance documents in an organized manner and securely store for further reference;
• Ensure that IT governance activities, policies and decisions are communicated to IT Management and Business in order to update the IT governance decisions that will affect IT services and projects.

‍

Others:

• Respond to enquiries from staff and provide security advice as required;
• Work with IT team to formulate IT operational procedures;
• Prepare monthly security reports and user and role assessment review at periodical basis;
• Other job assigned.

• Bachelor in of Information Technology, Information Security, Cyber Security, or other related degrees such as Computer Science, Management of Information Systems;
• At least 1-3 years working experience in IT Governance or IT Auditing and Assurance, other IT security Related;
• Holding security related certification in CySA+, ECSA, OSCP, CEH, CISA or from equivalent recognized certification body is a plus;
  knowledge of a wide range of Information Technology and Digital systems and a deep understanding of the inherent security risks associated with these technologies;
• Knowledge of security regulations and standards including NIST, SANS, PCI DSS, ISO/IEC 27001, CIS
• Experience in quality inspection, auditing, and testing
• Positive attitude towards learning and development demonstrated by a record of continuing professional development;
• Self-confident and able to work under pressure;
• Ability to manage time and priorities appropriately;
• Good verbal and written communication skills and able to communicate effectively at all levels;
• Honesty, reliability, and a commitment to strict confidentiality.