Security Engineer

Role & Responsibilities:

Technology and Cybersecurity Risk Governance

• Assist in maintaining the technology risk governance framework and supporting the achievement of relevant certifications.


• Support compliance activities with Bank Negara Malaysia’s RMiT policy and other regulatory requirements.


• Contribute to the development and review of IT and Cybersecurity Risk Appetite statements and governance strategies.


• Provide governance and controls oversight for technology and cybersecurity issues and risks.


• Support the coordination of the Information Security Working Committee and related governance forums.

Technology and Cybersecurity Risk Management

• Lead and execute periodic control assessments and risk assessments, ensuring comprehensive coverage of all critical technology and cybersecurity domains.


• Document, track, and report on risk assessment findings, ensuring clear communication of risk exposure and recommended actions to relevant stakeholders.


• Act as the primary risk manager for open risk issues, ensuring all risk commitments are tracked, escalated where necessary, and remediated in a timely and effective manner by risk owners.


• Prepare and report key risk metrics for management review.


• Provide control assurance support, including facilitation of risk assessments, deviations, and mitigation plans.


• Assist with internal and external audits, including coordination of control assessments and regulatory compliance.


• Conduct third-party security risk assessments (TPSA) and support supply chain security risk management.


• Track and follow up on audit findings and ensure timely closure.


• Monitor external threat intelligence and escalate emerging risks as needed.

Information Technology and Cybersecurity Policies and Standards

• Assist in reviewing, maintaining, and publishing information security policies, standards, and procedures.


• Support the approval, training, and dissemination of security policies and practices.


• Monitor IT department compliance with cybersecurity policies and controls.


• Recommend updates to policies and procedures to enhance operational efficiency and regulatory alignment.

Requirements:

1. Excellent verbal and written English broadly to senior both technical and none-technical audience


2. Good listening, negotiation and interpersonal skills


3. Ability to work independently and at the same time a team player


4. Bachelor's degree (preferably in IT) in computer science, computer engineering, information systems, or a related study, or equivalent.


5. Must have at least 8 years of relevant working experience in the managing of information and cyber security risks, FI-experienced preferable or enough work engagement in the Financial Industry.


6. Industry-recognized professional information security certifications e.g. CISSP, CISA, CISM, CRISC, CGEIT is an added advantage.


7. Solid understanding of operations and technology including Cloud.  Direct and matured experience will be an added advantage.


8. Good understanding of the insurance business domain and its critical success factors.


9. Strong conceptual and analytical mindset supported by the ability to amass and integrate diverse information from various sources into technology and cybersecurity risk conclusions and recommendations.


10. Strong sense of resourcefulness in sourcing data and meticulous in detail analysis besides the dexterity of learning and assimilating the multitude of disciplines in IT and Business functions.


11. Ability to develop a comprehensive understanding of business, market, industry and relate that knowledge to identified operations- and IT-related risks


12. Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes


13. Has in depth understanding of business risk, IT Governance, Enterprise Risk Management, Information security, and local regulatory compliance requirement.


14. Must have experience with the engagement and interacting with the financial regulator (BNM).


15. Results driven with strategic qualities.


16. High degree of integrity, responsibility and ability to work with little supervision