
Kerry Consulting

Business Information Security Officer (BISO)

15-17 Years
  • Posted 2 hours ago

Job Description

We are seeking a seasoned Business Information Security Officer (BISO) to serve as the strategic security partner to business and technology stakeholders. This role will bridge cybersecurity, technology risk, and business functions, ensuring that security is embedded into business initiatives, digital transformation, and technology delivery. The BISO will play a critical role in translating enterprise security strategy into actionable initiatives aligned with business priorities, while proactively managing cyber risk in a complex, fast-paced banking environment.

Responsibilities

Business Engagement & Advisory

  • Act as the primary security advisor to business units, providing guidance on cyber risk, security architecture, and secure solution design
  • Partner with business, product, and engineering teams to embed security into digital initiatives, platforms, and application development lifecycles
  • Translate technical risks into business impact and actionable insights for senior stakeholders

Security Risk Management

  • Identify, assess, and manage technology and cyber risks across business-aligned portfolios
  • Perform and oversee application security risk assessments, ensuring risks are identified early in the development lifecycle
  • Drive risk-based decision-making, including risk prioritisation, mitigation planning, and tracking of remediation efforts

Threat Modelling & Application Security

  • Lead and facilitate threat modelling exercises for critical applications, systems, and digital platforms
  • Collaborate with engineering teams to identify attack surfaces, abuse cases, and potential vulnerabilities
  • Ensure secure design principles are embedded across APIs, cloud-native applications, and distributed architectures
  • Promote and integrate secure SDLC and DevSecOps practices, including code scanning, dependency management, and security testing

Security Strategy & Implementation

  • Drive the implementation of enterprise security strategy within assigned business domains
  • Collaborate with central security teams (e.g., Security Engineering, SOC, GRC) to ensure consistent and scalable security controls
  • Support adoption of Zero Trust, cloud security, and modern application security practices

Stakeholder Management & Reporting

  • Provide regular updates to senior leadership on cyber risk posture, key threats, and mitigation progress
  • Influence decision-making at senior management and executive levels
  • Drive security awareness and secure-by-design culture across the business

Requirements

  • Minimum 15+ years of experience in cybersecurity, technology risk, or information security, preferably within banking or financial services
  • Proven experience in a BISO, Application Security, or senior security advisory role, working closely with business and engineering stakeholders
  • Strong hands-on experience in threat modelling and application security risk assessments
  • Solid understanding of modern application architectures, including cloud-native, microservices, and APIs
  • Experience implementing DevSecOps practices and secure SDLC frameworks
  • Broad knowledge across security domains, including IAM, data protection, cloud security, and incident response
  • Demonstrated ability to translate technical security risks into business outcomes and influence senior stakeholders

To apply:

If you are interested in applying or finding out more, please share your CV or reach out to Chen Yi at [Confidential Information] for a discussion. Due to the anticipated high volume of applications, we regret that only shortlisted candidates will be notified.

Reg: R1876389

Lic: 16S8060


Job ID: 146590231
