Backbase 4.3 ★

Hiring of an experienced Chief Information Security Officer (CISO) provides necessary expertise and leadership to actively implement policies and compliance that was inadequate in the bank. CISO will also train and up-skill IT security best practices to improve quality of controls, governance and monitoring activities:

• Oversee IT security risk and vulnerabilities management for VPBank
• Develop VPbank security strategy and roadmap
• Establish and implement security-related policies and guidelines
• Own the information security initiatives for IT Division
• Design and build the security practice and the organization’s security architecture
• Provide leadership in project(s) to ensure “security design” principles and approaches are incorporated into IT systems
• Manage and report on IT/cyber security vulnerabilities and risks. Including performing periodic IT security control testing, (e.g., vulnerability testing, risk analysis and security assessments) are carried out and remediate gaps identified within defined timeframe
• Perform PCI-DSS Assessments and fulfil PCI-DSS obligations for current and new projects and systems
• Conduct IT security awareness through regular publishing of monthly security updates/bulletins and trainings (e.g., brown bags) to improve IT security knowledge of users and IT staff. Provide advice and consultancy on security risks and controls
• Manage IT/ Cyber security incidents and liaise with various IT functions, Risk and Compliance, and business users
• Direct external vendors/investigators in conducting electronic discovery and digital forensic investigations when required
• Participate and working with other high-level executives to establish disaster recovery (DR) and business continuity plans

1. Educational Qualifications

• Bachelor in IT/Computer Science & CISSP/CISA (preferred)
• Other higher qualifications / certificates is a plus

​

2. Relevant Knowledge/ Expertise

• Strong technical skills in one or more of the following: network, application and operating system security and hardening, vulnerability assessments and penetration testing, TCP/IP suite, firewalls, Security Information & Event Management (SIEM), Data Loss Protection (DLP), Intrusion detection systems, log review, incident management)
• Knowledge in Security compliance, in particular PCI-DSS.
• Knowledge of ISO 27001/2 information security standards
• Knowledge of current IT industry trends.
• Knowledge and understanding of relevant legal and regulatory requirements.
• Knowledge of common information security management frameworks.

3. Skillset

• Strong interpersonal, relational, and collaboration skills with senior management and department heads to provide Information security services.
• Strong analytical and logical thinking skills
• Ability for multitasking and working accurately at the same time
• Excellent presentation and communication skills
• Strong verbal and written communication skills in English

4. Relevant Experience

• At least 10 years of working experience in supporting IT/cyber security operations, risk assessment, audit and compliance.
• Preferably having spent some 4 to 6 years in security consulting services and 2 to 3 years in Global MNC.
• Must have B2C industry experience.
• Experience in managing customer data in an eCommerce environment is a plus.
• Adaptable and able to follow through from design to implementation.
• Ability to weigh business risks and enforce appropriate information security measures
• Strong skills in managing vendor relationships.
• Experience in working with high performance teams and understand the dynamics of teamwork in an international Security Operations Centre (SOC) environment