
YASH Technologies

Chief Information Security Officer

  • Posted 3 hours ago

Job Description

We are seeking a high-impact Cyber Security Leader to serve as a designated CISO for one of our prestigious clients in Malaysia in the financial services space.

The CISO will be the principal architect of our client's cyber resilience, evolving their security posture from infrastructure-centric to application-centric. As the client undergoes rapid digital transformation, the CISO will ensure that the digital ecosystem meets the highest security standards.

As the client moves toward a cloud-native, API-driven ecosystem, you will be the primary architect of their Secure Software Development Life Cycle (S-SDLC).

You will bridge the gap between high-speed Agile development squads and the rigorous regulatory requirements of Bank Negara Malaysia (BNM). Your mission is to ensure that Security-by-Design is not just a policy, but a functional reality across the bank's entire digital portfolio, including their flagship mobile and SME platforms.

Key Responsibilities

1. Application Security & DevSecOps Leadership (The Tilt)

Secure Software Development Life Cycle (S-SDLC): Standardize and enforce AppSec tooling (SAST, DAST, IAST, and SCA) across all development workstreams.

API & Ecosystem Security: Oversee the security of Open Banking APIs and third-party integrations, ensuring robust authentication and data protection between Maybank and its digital partners.

Shift-Left Strategy: Drive the cultural and technical shift to integrate security testing into CI/CD pipelines, reducing time-to-remediate for vulnerabilities in the MAE app and core banking systems.

Cloud-Native Security: Define security architectures for hybrid and multi-cloud environments, focusing on container security (Kubernetes/Docker) and serverless functions.

2. Regulatory Compliance (BNM RMiT & Personal Data Protection Act)

RMiT Governance: Act as the primary liaison for Bank Negara Malaysia (BNM) on all technology risk matters, ensuring 100% compliance with the Risk Management in Technology (RMiT) policy document.

Cyber Resilience Framework (CRF): Lead the implementation of the IPDRR (Identify, Protect, Detect, Respond, Recover) framework as per BNM requirements.

Mandatory Assessments: Oversee annual Penetration Testing, quarterly Vulnerability Assessments, and triennial Red Team simulations (adversarial attack simulations).

3. Strategic Risk Management

Zero-Trust Implementation: Move the bank away from "walled garden" security toward a Zero-Trust Architecture (ZTA), focusing on identity-based access and micro-segmentation.

Threat Intelligence: Leverage AI-driven threat hunting to stay ahead of regional threats, specifically targeting financial fraud, credential stuffing, and mobile malware.

Third-Party Risk (TPRM): Evaluate and monitor the security posture of fintech vendors and cloud service providers (CSPs), ensuring they meet the client's stringent supply-chain security standards.


Job ID: 144633501