You will support the Head of IT Security in driving governance, risk management, and cyber defence initiatives to safeguard Maybank's technology landscape.
Responsibilities:-
1. IT Security Assessments
- Perform technical security assessments across infrastructure, applications, and cloud environments.
- Provide expert guidance on security architecture and cloud security best practices.
- Evaluate systems to ensure compliance with security requirements and industry standards.
2. IT Security Governance
- Review and enforce IT security standards, procedures, and policies.
- Assess IT practices to ensure alignment with security frameworks and regulatory requirements.
- Maintain adherence of security processes and recommend improvements.
3. IT Security Technologies
- Manage and operate various security tools and platforms, including but not limited to:
- Breach and Attack Simulation (BAS)
- Control Validation Tools
- Active Directory Security (AD)
- Endpoint Detection and Response (EDR)
- Data Loss Prevention (DLP)
- Network Detection and Response (NDR)
- Provide technical expertise on the deployment, integration, and optimisation of security solutions.
4. IT Security Program Management
- Lead key security projects and initiatives from planning to execution.
- Act as the point of contact for security tool deployments and technology rollouts.
- Organise and execute cybersecurity exercises, including training and awareness programs for stakeholders.
- Ensure effective stakeholder engagement across departments.
5. Remediation Management
- Lead critical remediation programs to strengthen the organisation's security posture.
- Plan, strategize, and implement corrective actions based on risk assessments and security findings.
- Collaborate with cross-functional teams to drive timely resolution of identified security gaps.
Requirements:
- Bachelor's degree in a relevant field with at least 7 years of experience in IT security compliance and governance.
- Mandatory: CISSP certification
- Preferred: CISM, CISA, SANS, OSCP (highly regarded).
- Strong knowledge of IT security concepts, best practices, and regulatory requirements.
- Familiarity with the current cyber threat landscape, including Cyber Defence, MITRE ATT&CK, and threat-control mapping methods.
- Deep understanding of attack methodologies and defines strategies using IT security tools and products.
- Experience in secure systems development lifecycle (SDLC) assessments and security testing before deployment.
- Hands-on experience conducting cybersecurity assessments, gap analyses, and cyber drills.
- Ability to develop strategic security roadmaps and deliver comprehensive assessment reports with actionable recommendations.
- Extensive experience with certification and audit processes, including systems compliance best practices.
- Knowledge of application security and data analytics is an advantage.
- Strong communication and collaboration skills, with experience working in cross-functional teams.
Only shortlisted candidate will be notified.
