Core Purpose:
Overseeing all aspects of cybersecurity policies and infrastructure to prevent major and critical cyber-attacks, while proactively monitoring and mitigating cyber threats across the virtual bank's domains.
Key Responsibilities:
- Oversee and direct all aspects of cybersecurity across the virtual bank, including cybersecurity governance and day-to-day operations, as well as drives continuous improvement of cybersecurity capabilities
- Develop and enhance enterprise-wide Information and Cybersecurity (ICS) policies, standards, and procedures, and oversee compliance and continuous enhancements of these policies, standards, and procedures
- Establish and continuously refine a robust information security management framework to proactively identify, assess, and mitigate risks
- Ensure security specifications and IT security architecture are defined.
- Manage IT risks and cyber threats in alignment with the virtual bank's risk profile and present these risks to the Board of Directors and designated committees on a regular basis
- Proactively communicate and interact with stakeholders across all business units to promote adherence to applicable policies and standards
- Optimize the efficiency of Information Security functions and empower the CRO to effectively lead the second line of defense in safeguarding information and data assets
- Ensure IT security controls are implemented and operating effectively, and that these controls are commensurate with the IT risks and cyber threats faced by the organization
- Ensure staff have IT security and cyber threat knowledge, awareness, preparedness, and readiness to deal with cyber threats
- Report IT security incidents and provide opinions on IT risk management and cyber threats to IT Steering Committee and Risk Management Committee
- Lead and continuously improve the incident escalation process. This includes defining clear escalation paths, establishing communication protocols with internal departments and external regulators, and ensuring timely and effective response during a security breach.
- Provide comprehensive oversight, support, advice, and guidance to senior management and stakeholders regarding compliance with applicable data protection laws, with a strong focus on upholding the rights and freedoms of data subjects
Essential Qualifications:
- Experience in areas of information and cybersecurity including knowledge of cyber resilience, identity and access, network security, application security, and cloud security
- Experienced in leading a team of security professionals, with the ability to clearly explain and present information security risks to senior leadership and propose effective mitigation strategies
- Deep understanding of cyber risk management and compliance with cybersecurity frameworks such as NIST, ISO, CIS, and PCI-DSS
- Proven expertise in leading and maturing incident response capabilities, conducting thorough forensic investigations, and establishing and overseeing effective Security Operations Centers (SOCs)
- Relevant certifications such as CISSP, CISM, CISA or CCSP are desirable.
- Strong leadership, security analytical, and problem-solving skill
- Strong communication and collaboration skills in both English and Thai with the ability to work effectively with cross-functional teams
