Chief of Information Security Officer - CISO [RID-00601]

CYBERSECURITY
Malaysia


About Setel:

The Future of Mobility

Introduced in July 2018, Setel is a mobile platform that aims to delight customers by innovating for better, inclusive mobility. Setel serves customers across Malaysia by powering one app as the constant companion to ease motorists’ journey across fueling, parking, EV charging, motor insurance, road tax, auto assistance, general purchases, and more across an ecosystem of PETRONAS petrol stations, retail partners, and online merchants.

Role Purpose:

We’re looking for a Chief Information Security Officer to keep our customer and business data safe and protect our systems from threats and vulnerabilities. At Setel, we are obsessed with delivering a seamless and frictionless retail experience for our customers. We strongly believe that we can only deliver these amazing experiences for our customers and merchants when we drive a work culture which inspires innovation, rewards risk-taking and celebrates success. If you live to solve hard problems, love proving out new technologies and take pride in your deliverables, then we’d love to meet you!

In This Role You Will:

  • Define and continuously evolve Setel’s cybersecurity direction and strategy to meet Setel’s risk appetite and ensure Setel’s cyber resilience against a diverse and changing landscape of cyber threats and business needs.
  • Shape and manage Setel’s cyber security risk profile, taking into consideration the organization’s business complexity, technical landscape and risk appetite, to best advise and provide strategic insights to the Setel leadership on their cybersecurity risks and the corresponding actions to take to mitigate these risks.
  • Oversee the development and deployment of Setel’s cybersecurity governance framework (e.g. Technology Risk Management) and the corresponding policies, standards, procedures and controls that identify, assess and consolidate technology risks, to help guide senior management risk and remediation decisions.
  • Oversee and champion the development and deployment of strategies in key cybersecurity focus areas, including but not limited to identity and access management, application security, cloud security, and data security, to ensure security controls are addressed adequately to minimize cyber risk in Setel’s environment.
  • Provide advice and support to Setel’s business functions by keeping up-to-date with existing and emerging cyber threats, regulations and breaches experienced in the financial services industry, to raise awareness and minimize the impact of such threats on the confidentiality, integrity and availability of Setel’s business critical systems.
  • Ensure cross-functional collaboration across Setel’s business units (e.g. Engineering, Product, Compliance, Operations etc.) and external groups (e.g. PETRONAS Group, PETRONAS Dagangan Berhad, Bank Negara Malaysia, Paynet) to efficiently manage cyber risks and threats and improve the overall security posture of the organisation.
  • Direct and ensure Setel’s cybersecurity assurance and compliance with applicable laws, regulations, policies, and contractual requirements, e.g. PCI-DSS, BNM’s RMiT, Paynet compliance, etc., in a structured and sustained manner to ensure Setel is able to operate in a safe, secure and compliant manner.
  • Oversee key cyberdefense capability across incident management (covering oversight on activities across Security Operations Center), vulnerability management and threat intelligence/threat hunting operations to ensure Setel Cybersecurity is able to proactively identify and prevent threats, as well as recover efficiently from security incidents.
  • Direct and oversee the cybersecurity portfolio to establish the requisite budget so that resource, training, and technology requirements are sufficiently met, ensuring the organisation is well-equipped with the necessary people, processes and tools to effectively manage the organization’s cybersecurity.

You’re a great fit if you have:

  • Bachelor’s Degree in Computer Science, information systems, engineering, software engineering or a related discipline.
  • A cybersecurity certification is compulsory, e.g. CISM, CISP, CRISC, ISO 27001 Lead, or CCSP.
  • Experience of at least 15 years in senior technology roles, with a latter emphasis on Cybersecurity across any relevant areas (within the last 5-6 years).
  • Experience of at least 5 recent years in Financial Services in cybersecurity functions or at least in the deployment of technology in an FS environment.
  • Expert knowledge in industry standard security frameworks such as RMiT, NIST, OWASP, ISO, etc.
  • Proven expertise in core and emerging technologies (cloud, IAM, security platforms, DevSecOps, APIs, AI).
  • Strong experience in technology risk governance, regulatory compliance, audit and risk management.
  • Demonstrated track record in strategic planning and execution of enterprise IT and cybersecurity programmes.
  • Solid experience in third-party and cloud risk management.
  • Good networking and communication skills and experience in engaging with different levels of business stakeholders, regulatory bodies, industry peer groups.
  • Excellent grasp of business analysis, research, forecasting and strategy development.
  • Ability to balance and prioritise security requirements with business objectives based on detailed technical understanding of information and security threats, technologies and products, as well as the capability to translate those into business and management concepts.
  • Experience building or redefining an information security function with resilient technology systems and applied compliance rigor.
  • Experience in apprising management and in board reporting, delivering clear insights and actionable recommendations to support executive decision-making.

What Makes Working With Us Awesome

  • Our people and culture: You will get to work with awesome and friendly colleagues with whom you can expect to collaborate well to deliver your work. Empowerment is given and you will get a lot of opportunities for peer-learning.
  • Availability of tools and applications: You will be provided with different tools to facilitate your work. Automate your work whenever possible so that you can focus on delivering impact for your role.
  • Development focused: Your learning and growth matter most to us. We are people centric and always ready to help our people to define what they want to make an impact on and craft their learning plan accordingly.

Cool Perks/Benefits

  • Hybrid working arrangement; Flexible working hours.
  • Relax and unwind at the leisure area with video games, board games, books, and more.
  • Wear your favourite jeans, or any cool OOTD so that you can work comfortably (in style).
  • Coffee, tea, or snacks are available for consumption at the pantry. Because you’ll be happier with a full tummy.
  • A healthy body leads to a brilliant mind. Let’s get moving with the inter-company sports team.
  • There will be workshops, talent shows, sport activities, and other events for sharing and bonding.

Personal Data Protection

Setel Ventures Sdn Bhd (“Setel”, “we”, “our”, “us”) is committed to protecting and respecting your privacy. This Setel privacy statement (“Privacy Statement”) explains what personal data we collect about you, when and why we collect it, how we use it, the conditions under which we may disclose it to others, your rights to your personal data and how we keep it secure. This Privacy Statement covers both our online and offline collection activities, including personal data that we collect through online platforms such as websites, applications, third party social networks or our online and physical events, or through other third parties that we work with. Please read this Privacy Statement carefully to understand our views and practices regarding your personal data.

About the Company

Setel Ventures Sdn Bhd