Senior Manager Information Security Specialist

SUMMARY OF RESPONSIBILITIES

The Senior Principal Information Security Specialist's role in the Cybersecurity Governance, Risk, and Compliance function is implementing governance processes and systems, assessing and managing cyber security risks, and monitoring and ensuring compliance with cyber security policies and regulatory requirements to protect the country's payments ecosystem against evolving cyber threats. You will also take a leading role in elevating the payments ecosystem through implementation of collaborative initiatives.

KEY AREA OF RESPONSIBILITIES

Governance

• Enhance governance processes and systems, leveraging automation, data, analytics and AI
• Establish and implement risk-based and threat-based monitoring and reporting utilizing automation and data collection and analysis
• Prepare and update information security policies, architectures, standards, and technical documents
• Improve cyber security risk management and overall CISO Office operations through process improvements, data analytics, automation and AI
• Collaborate with internal teams from various divisions and departments to improve governance and enhance cyber resiliency

Risk

• Develop and provide input into cybersecurity risk management strategies aligning to corporate strategy and goals
• Enhance cyber risk assessment processes
• Perform cyber risk assessment and assist and provide advice on mitigation measures
• Participate in other periodic assessments and thematic reviews and provide practical recommendation
• Develop and maintain cyber risk monitoring for PayNet’s ecosystem (participants and critical service providers)
• Monitor, report, and recommend improvements for cyber security operations
• Provide advisory in the areas of cybersecurity to various stakeholders including in forums/committees
• Execute business-as-usual activities such as awareness, cyber drills and crisis simulation, and others st
• Responsible and accountable for implementing strategic cybersecurity initiatives
• Collaborate with internal teams from various divisions and departments to cyber risk management 

Compliance

• Assess compliance against legal and regulator requirements using modern approaches such as data analytics, automation, and AI
• Monitor laws, regulations, industry standards, and ethical requirements related to information security and privacy, and ensure PayNet's compliance
• Collaborate with internal teams from various divisions and departments to enhance compliance to legal and regulatory requirements

Payments Ecosystem Cybersecurity Collaboration

• Establish collaboration with the payments ecosystem (banks, third party acquires, e-wallets, fintechs and other entities) in the areas of cyber risk management, AI governance, and research and development
• Establish collaboration with other internal organisation such as research institution

Research and Innovation

• Participate in research and development in the area of the impact of AI on cyber risk
• Participate in formulation of AI governance for the ecosystem
• Continuously explore new ways to improve governance, risk and compliance processes using AI, automation, and data and analytics

KEY REQUIREMENTS

• Understanding of cyber security risks covering both PayNet and the payments ecosystem
• Understanding of international, regional, and local regulatory requirements and guidelines and standards for cyber security, data protection, and privacy specifically for the financial industry
• Experience and familiarity in implementing leading practices, standards, frameworks, and guidelines for managing cyber security risks
• Experience related to information and cyber security strategy planning, security architecture design and review
• Experience and understanding of security operations, security management, IT and network infrastructure, IT operations, technology and solution architecture, cloud architecture, and overall IT operations and IT service management
• Familiarity and experience with security technology and solution design and implementation, especially in the areas of security monitoring and detection such as SIEM, SOAR, and overall security operations centre’s operations and management
• Experience in managing and leading a team, and ability to work cross-function and cross-domains
• Experience in AI/ML, GenAI and LLM, and data analytics will be an added advantage

Additional Requirements

• Excellent interpersonal, facilitation, and management skills, along with effective communication (both written and verbal) skills
• Strong history of external engagement with industry peers, working groups, and cybersecurity communities
• Strong analytical and problem-solving skills
• Possess critical and creative thinking skills and a growth mindset

QUALIFICATIONS

• Degree in Information Technology (IT), Computer Science or other related discipline with relevant experience in managing cyber risk in financial market infrastructures, critical national infrastructure, or other industries
• 10-15 years or more of experience in cybersecurity, IT, or a combination of both
• Experience in managing and leading teams of various sizes
• Demonstrated experience in providing security advice to a wide range of stakeholders
• Strong project management skills