Senior Principal Information Security Specialist

CISO OFFICE
Malaysia

Mid Senior level


SUMMARY OF RESPONSIBILITIES



  1. Assist in the development and execution of PayNet’s cyber and information security strategy.
  2. Provide technical and risk advisory on cyber and information security matters to various stakeholders.
  3. Assess the adequacy, effectiveness and relevancy of security controls through various assessment methods and approaches.
  4. Assess compliance to regulatory requirements and remediation efforts.
  5. Lead, execute or manage cybersecurity initiatives. 


KEY AREAS OF RESPONSIBILITIES


Cybersecurity strategy


  • Assist in the development, implementation, and operation of cyber security initiative and roadmap.
  • Responsible for the successful execution of cybersecurity initiatives.
  • Establish and enforce directive controls, validate internal detective and preventive security controls.
  • Work together with relevant stakeholders to achieve security objectives.


Security awareness


Working and collaborating with a cross-functional team:


  • Develop new security awareness strategies leveraging new innovations.
  • Drive security culture and behavior internally through continuous security awareness programs.
  • Establish and embed cultural and behavioral goals in the cyber security strategy.
  • Lead continuous security awareness program for PayNet.


Cyber risk management, governance, and compliance


Collaborating and teaming with Risk Management, IT Risk Management, and IT Security:



  • Provide advice to other stakeholders on technology risk and security matters, including developments in PayNet’s technology security risk profile in relation to its business and operations.
  • Prepare security-related reporting to the senior management, Group Risk Committee and the Board.
  • Establish and maintain threat models, monitor the cyber threat landscape and correlate with relevant cyber intelligence sources (formal and informal channels).
  • Perform risk and compliance assessments.


 QUALIFICATIONS & EXPERIENCE


Minimum Qualifications


  • Degree/Diploma in Information Technology (IT), Information Security or other related discipline
  • 12 or more years of working experience in data security, data protection, IT, cyber security, internal or external audit
  • Excellent people skills, decision making skills, organising and planning skills and leadership skills.


Technical requirements


  • Understanding of data privacy and data security principles
  • Familiarity with ISO 27001, NIST, CIS, MAS Technology Risk Management Guidelines or other information security management frameworks
  • Understanding of data protection laws and regulatory requirements such as MCIPD, PDPA, FSA or the GDPR, and experience with cybersecurity legislation
  • Knowledge of data protection related solutions and tools such as DLP, CASB, etc.
  • Knowledge of encryption algorithms, secure communications, and data protection methods
  • Understanding of data security and privacy laws and regulations
  • Understanding of IT operations and security and how IT interfaces with business, risk management and compliance processes would be an advantage
  • A consulting background will be an added advantage
  • Relevant professional certifications such as CISSP, CISA, CEH, GPEN, CISM, ISO27001 auditor would be an advantage
  • Demonstrate ability to effectively apply knowledge of Project Management for efficient execution and management of assigned tasks
  • Strong conceptual, strategic and analytical thinking skills
  • Ability to document and explain technical details clearly and concisely to non-technical stakeholders
  • Able to work under broad direction and a self-motivated individual who is able to work independently
  • Responsible and accountable for work performed and decisions taken.  

About the Company

Payments Network Malaysia

Embark on an exciting career journey with Payments Network Malaysia Sdn Bhd (PayNet), the heartbeat of Malaysia's financial markets!

As the national payments network and a pivotal infrastructure for Malaysia’s dynamic financial markets, PayNet is a linchpin in advancing the nation’s digital economy.

Our comprehensive suite of retail payment solutions - encompassing DuitNow (QR and P2P), JomPAY (Bill Payments), FPX (Online), MyDebit (Domestic Debit), MEPS (ATM), and IBG (Interbank GIRO) - not only offer wide accessibility but are seamlessly integrated into the fabric of daily life in Malaysia. These services have revolutionised the way Malaysians handle financial transactions, marking a significant leap in consumer convenience and efficiency.

At PayNet, our focus is on providing a safe, efficient, and innovative payments system. We are dedicated to improving and managing payment services that meet the evolving needs of consumers and businesses. Our work ensures the stability and reliability of Malaysia’s financial system, supporting the growth of the economy.

Learn more about our work and how we are contributing to Malaysia's financial future at www.paynet.my.

Join us in embracing digital payments and advancing Malaysia's financial landscape.