Chief Information Security Officer [RID-00294]

Chief Information Security Officer [RID-00294]

Introduced in July 2018, Setel is a mobile platform that aims to delight customers by innovating for better, inclusive mobility. Setel serves customers across Malaysia by powering one app as the constant companion to ease motorists’ journey across fueling, parking, EV charging, motor insurance, road tax, auto assistance, general purchases, and more across an ecosystem of PETRONAS petrol stations, retail partners, and online merchants.

Role Purpose:

We’re looking for a Chief Information Security Officer to keep our customer and business data safe and protect our systems from threats and vulnerabilities. At Setel, we are obsessed about delivering a seamless and frictionless retail experience for our customers. We strongly believe that we can only deliver these amazing experiences for our customers and merchants when we drive a work culture which inspires innovation, rewards risk-taking and celebrates success. If you live to solve hard problems, love proving out new technologies and take pride in your deliverables, then we’d love to meet you!

In This Role You Will:

• Provide hands-on leadership by setting the direction, strategy, deliverables, andoperating model for all aspects of Setel cyber security function
• Develop and implement a strategic, long-term cyber security strategy and roadmap toensure Setel’s information services and assets are adequately protected as per the Setelgroup’s risk appetite
• Have ownership of cyber security across the Setel group of companies, with directreporting to the CEO of Setel Pay, and dotted line reporting to the CTO of Setel Ventures& PETRONAS Digital’s CISO.
• Develop, mentor, and manage a high performing staff of cyber security professionals,including resource and budget planning to grow the cyber security organisation for Setel
• Lead and champion Secure Software Development Lifecycle (SSDLC) and DevSecOpspractice across our development and SRE teams
• Implement application security testing strategy not limited to static code review, black-boxand white-box vulnerability and penetration testing, and network security scans
• Liaise across the business units (Engineering, Product, Compliance, Operations etc) toimprove overall security posture of the organisation
• Liaise and collaborate with PETRONAS Group on shared security concerns andsolutions
• Oversee the Security Operations Center (SOC) in proactively identifying and preventthreats, as well as reactively recover from security incidents
• Oversee the Technology Risk Management Function (TRMF) that assess andconsolidates technology risks to help guide senior management risk and remediationdecisions
• Ensure that the security management program is in compliance with applicable laws,regulations, policies, and contractual requirements, for example - PCI-DSS, BNM’s RMiTframeworks, etc.
• Define resource, training, and technology requirements to ensure the organisation iswell-equipped with necessary knowledge to put security as job zero

You’re a great fit if you have:

• 7+ years experience in cyber security, application security, information security orequivalent field
• Hands-on working knowledge in managing and delivering application security, securitypenetration testing and/or vulnerability management services
• Well-versed in cyber security frameworks, information security principles, architecture,and cryptography.
• Hands-on experience with Application Security and Security Penetration Testingprocesses, technologies and industry frameworks (eg OWASP\CREST\CVE\CVSS)
• Experience working on either BNM RMiT or equivalent banking frameworks and/orPCI-DSS in technology risk management, security requirements and governance
• Great verbal and written communication skills horizontally and vertically
• Experience working with a distributed team across multiple time zones

What Makes Working With Us Awesome

• Our people and culture: You will get to work with awesome and friendly colleagues to whom you can expect to collaborate well to deliver your work. Empowerment is given and you will get a lot of opportunities for peer-learning.
• Availability of tools and applications: You will be provided with different tools to facilitate your work. Automate your work whenever possible so that you can focus on delivering impact for your role.
• Development focused: Your learning and growth matters most for us. We are people centric and always ready to help our people to define what they want to make an impact on and craft their learning plan accordingly.
• Relax and unwind at the leisure area with video games, board games, books, and more.
• Wear your favourite jeans, or any cool OOTD so that you can work comfortably (in style).
• Coffee, tea, or snacks are available for consumption at the pantry. Because you’ll be happier with a full tummy.
• A healthy body leads to a brilliant mind. Let’s get moving with the inter-company sports team.
• There will be workshops, talent shows, sport activities, and other events for sharing and bonding.

Personal Data Protection

Setel Ventures Sdn Bhd (“Setel”, “we”, “our” “us”) is committed to protecting and respecting your privacy. This Setel privacy statement (“Privacy Statement”) explains what personal data we collect about you, when and why we collect it, how we use it, the conditions under which we may disclose it to others, your rights to your personal data and how we keep it secure. This Privacy Statement covers both our online and offline collection activities, including personal data that we collect through online platforms such as websites, applications, third party social networks or our online and physical events, or through other third parties that we work with. Please read this Privacy Statement carefully to understand our views and practices regarding your personal data.