Head of Informtion Security

Job Description

What we do, and why we do it

The banking system is evolving to give consumers the transparency, control and financial wellbeing they deserve. In a world where technology can change how we live for the better, there is no reason to be burdened by legacy systems, bureaucracy and mediocrity. It's time for a change, and you can be part of this revolution!

BigPay is everything you wish your bank was: fair, transparent, frictionless. We went back to the drawing board to explore how new technologies could bring power back to you. Our goal is to solve real world money problems for millions of people by empowering them, and providing a simple interface for users to send, receive and track their money.

Life at BigPay

We're fast, curious and ambitious. We are on a fearless adventure to change financial services for consumers, and we value ownership, initiative and leadership from everyone in the company. We're going out of our way to recruit the most intelligent, creative and talented people in the world. We want innovators, and that means maintaining an environment where they can flourish. Our only boss is the consumer. BigPay values highly collaborative, hard

working people, who can deconstruct problems on the fly and take the team with them, while being inventive, iterative and agile. We never want to reach a stage where you are not challenged on a daily basis - because it means we're not going fast enough.

We are hiring

W e are on the lookout for a focused Chief Information Security Officer (Malaysia) to join our dynamic team at BigPay. As BigPay's Head of Information Security for Malaysia, you'll play a pivotal role in guiding our information security, technology risk and data privacy initiatives. We seek a seasoned professional to leverage their extensive knowledge and hands-on expertise to fortify our cybersecurity and technology risk posture, aligning with our growth trajectory.

Job Description

• As part of RMiT requirement, be responsible for ensuring the BigPay's information assets and technologies are adequately protected, which includes:

  • formulating appropriate policies for the effective implementation of a robust technology risk management framework (TRMF) and cyber resilience framework (CRF)

  • enforcing compliance with these policies, frameworks and other technology-related regulatory requirements and

  • advising senior management on technology risk and security matters, including developments in the financial institution's technology security risk profile in relation to its business and operations.

  • Be independent from day-to-day technology operations keep apprised of current and emerging technology risks which could potentially affect the financial institution's risk profile and be appropriately certified (the certification can be at the country level specific)

• Design an information security strategy that effectively protects BigPay's information assets, including security standards
• In concert with our Group CISO ensure steer and timely completion of all technology risk items including relevant coordination with various teams for gathering information, providing inputs for regulatory and audit compliance across the group.
• Implement and enforce information security strategy with documented processes and protocols, including appropriate security controls across the organisation
• Maintain pro-active security measures on a periodic basis (including security reviews of new functionality and code changes, vulnerability scans etc.), and effective and rapid incident response mechanisms
• In concert with our Group Chief Legal and Compliance Officer and their team ensure compliance with applicable regulations
• Play a key role in business continuity planning and risk management
• Be responsible for any regulatory reporting requirements around information security
• Engage with stakeholders including management, investors, regulators, legal authorities and others and provide them with clear and concise perspectives on information security
• Independently communicate the respective region's information security strategy, technology risk strategy, performance and issues to Boards' Risk and Audit Committees as necessary

Key Responsibilities:

• Security Architecture & Strategy:

  • Design and develop a holistic information security and data privacy program, scaling with company growth. Formulate best practices and set security standards, while preparing and documenting SOPs and protocols.

  • Spearhead security assessment processes, encompassing penetration testing, vulnerability management, and secure software development.

  • Expand security tooling and automation efforts across the organisation.

• Threat Management, Mitigation and Regulatory Compliance:

  • Proactively spot security issues and threats, devising robust processes and systems to safeguard against them.

  • Steer compliance endeavours, including external audits, regulatory compliance initiatives, and overarching security evaluations.

  • Convey infosec and data privacy operational goals, relaying their impact to stakeholders.

• .Stakeholder & External Communication:

  • Engage with outside stakeholders, encompassing customers, partners, compliance bodies, and other legal/regulatory authorities.

  • Deliver strategic risk guidance, evaluating and suggesting technical standards and controls. Set in place a robust incident management process.

• Design and execute an information security strategy that effectively protects BigPay's information assets.

• Define and enforce information security standards across the organisation.

• In concert with our compliance and legal team, ensure compliance with applicable regulations.

• Select, implement and maintain appropriate technical security controls.

• Maintain effective proactive security measures and effective and rapid incident response.

• You will also be heavily involved in business continuity planning and risk management.

To be successful

• At least 7 years of proven information security management experience.

• Bachelor's degree in computer science, Cybersecurity, or related fields.

• Certifications like CISSP and/or CISA are preferred.

• Expertise in compliance, especially in frameworks such as COBIT, ITIL, ISO27001/2, NIST, and SOC2.

• Hands-on experience in security assessment, technology risk governance, cloud architecture, threat modelling, and policy drafting.

• In-depth comprehension of Secure SDLC, DevSecOps, or security automation.

• Ability to communicate effectively with external Data Privacy and Info Sec representatives.

• Knowledge of MY legislation such as RMiT is mandatory. Additional knowledge of MAS and BOT regulations, HIPAA, SOX, PCI, and GDPR is preferred.

• ISO27001 auditor or implementer experience can be additional plus.

We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your best.We are committed to creating a diverse work environment and are proud to be an equal opportunity employer. Search Firm Representatives - AirAsia does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Gdpr, security automation , Hipaa, Cisa, SOC2, Implementer, Itil, DevSecOps, Pci, Cobit, Cissp, nist, secure sdlc , Sox