Job Title: Chief Information Security Officer
Company: YASH Technologies
Location: Pune, Maharashtra
Created: 2026-03-14
Job Type: Full Time
Job Description:
We are seeking a high-impact Cyber Security Leader to serve as a designated CISO for one of our prestigious clients in Malaysia in the financial services space.

The CISO will be the principal architect of our client’s cyber resilience, evolving their security posture from infrastructure-centric to application-centric. As the client undergoes rapid digital transformation, the CISO will ensure that the digital ecosystem meets the highest security standards.

As the client moves toward a cloud-native, API-driven ecosystem, you will be the primary architect of their Secure Software Development Life Cycle (S-SDLC). You will bridge the gap between high-speed Agile development squads and the rigorous regulatory requirements of Bank Negara Malaysia (BNM). Your mission is to ensure that "Security-by-Design" is not just a policy, but a functional reality across the bank’s entire digital portfolio, including their flagship mobile and SME platforms.

Key Responsibilities

1. Application Security & DevSecOps Leadership (The "Tilt")
· Secure Software Development Life Cycle (S-SDLC): Standardize and enforce AppSec tooling (SAST, DAST, IAST, and SCA) across all development workstreams.
· API & Ecosystem Security: Oversee the security of Open Banking APIs and third-party integrations, ensuring robust authentication and data protection between Maybank and its digital partners.
· Shift-Left Strategy: Drive the cultural and technical shift to integrate security testing into CI/CD pipelines, reducing "time-to-remediate" for vulnerabilities in the MAE app and core banking systems.
· Cloud-Native Security: Define security architectures for hybrid and multi-cloud environments, focusing on container security (Kubernetes/Docker) and serverless functions.

2. Regulatory Compliance (BNM RMiT & Personal Data Protection Act)
· RMiT Governance: Act as the primary liaison for Bank Negara Malaysia (BNM) on all technology risk matters, ensuring 100% compliance with the Risk Management in Technology (RMiT) policy document.
· Cyber Resilience Framework (CRF): Lead the implementation of the IPDRR (Identify, Protect, Detect, Respond, Recover) framework as per BNM requirements.
· Mandatory Assessments: Oversee annual Penetration Testing, quarterly Vulnerability Assessments, and triennial Red Team simulations (adversarial attack simulations).

3. Strategic Risk Management
· Zero-Trust Implementation: Move the bank away from "walled garden" security toward a Zero-Trust Architecture (ZTA), focusing on identity-based access and micro-segmentation.
· Threat Intelligence: Leverage AI-driven threat hunting to stay ahead of regional threats, specifically targeting financial fraud, credential stuffing, and mobile malware.
· Third-Party Risk (TPRM): Evaluate and monitor the security posture of fintech vendors and cloud service providers (CSPs), ensuring they meet the client’s stringent supply-chain security standards.