The APAC Head of Cybersecurity, VP/ SVP is responsible for defining and executing the regional cybersecurity strategy, ensuring strong protection of information assets, regulatory compliance, and operational resilience across all APAC markets. This role requires a blend of strategic leadership and hands-on technical expertise to drive security architecture, governance, operations, and incident response. The successful candidate will work closely with global security teams, regional IT, local market IT and business leaders to embed a consistent and robust security posture across the region.
Key Responsibilities:
1. Cybersecurity Strategy and Governance
- Define and implement a comprehensive cybersecurity strategy for the APAC region aligned with global objectives and business needs.
- Develop and maintain governance frameworks, policies, and procedures to manage cybersecurity risks.
- Lead cybersecurity maturity assessments and drive improvements across countries.
- Act as the primary advisor to regional leadership on cybersecurity risks, trends, and best practices.
2. Security Operations and Incident Response
- Oversee regional security operations, including threat detection, incident response, and vulnerability management.
- Lead the development and testing of incident response plans and disaster recovery strategies.
- Collaborate with global security teams to enhance SOC (Security Operations Center) capabilities and threat intelligence.
- Lead post-incident reviews and implement improvements based on lessons learned.
3. Risk Management and Compliance
- Conduct regular risk assessments to identify, prioritise, and mitigate cybersecurity risks within the region.
- Work closely with the compliance and legal teams to ensure adherence to cybersecurity regulations and industry best practices.
- Collaborate with the Internal Audit team to support IT and cybersecurity audit activities and drive remediation efforts.
- Manage third-party vendor assessments to ensure external vendors meet security standards and practices.
4. Security Awareness and Training
- Develop and implement cybersecurity awareness programs to educate employees on safe digital practices and threat prevention.
- Ensure ongoing compliance with mandatory cybersecurity training across the region and support awareness initiatives.
5. Technology and Project Management
- Lead and manage regional cybersecurity projects, including network security, data protection, identity and access management, and cloud security initiatives.
- Ensure the deployment, integration, and continuous improvement of security technologies across regional systems.
- Work with IT teams to align cybersecurity measures with business needs and operational requirements.
6. Collaboration and Leadership
- Build and lead a high-performing regional cybersecurity team through recruitment, mentorship, and development.
- Foster collaboration between regional and global cybersecurity teams to support organizational goals.
- Serve as the primary cybersecurity contact for external auditors, regulators, and other stakeholders as needed.
Reports to: APAC Chief Information Officer
Qualifications:
- Education: Bachelor's degree in Computer Science, Information Security, or a related field. A Master's degree is preferred.
- Certifications: CISSP, CISM, CISA, or equivalent cybersecurity certifications.
- Experience: Minimum of 10-15 years of experience in cybersecurity, with at least 5 years in a leadership role, ideally within the insurance or financial services industry.
- Technical Skills: Proficiency in threat management, vulnerability assessment, security incident response, and security frameworks (e.g., NIST, ISO 27001).
- Regulatory Knowledge: Strong understanding of regulatory requirements impacting cybersecurity in the financial sector, e.g., MAS TRM, PDPA, BNM RMiT, HKMA, APRA.
- Soft Skills: Excellent communication, leadership, and stakeholder management skills, with a proven track record of influencing cross-functional teams.
