POSITION PURPOSE
• The Business Security and Compliance Officer will report directly to a local Head of Engineering and Architecture and is responsible for:
- managing and driving the work with information security, physical security and service fraud in Wave Money
- will be the contact person within these areas for Wave Money and Group Security functions
- oversee the compliance of the Technology Team to Wave Money’s ITIL practices, process and policy
• As a Business Security and Compliance Officer you are expected to work alongside a diverse team, with a broad field of expertise and strengthening the work with security by implementing an industry standard and business driven security organisation. You must stay firm during hectic periods and keep focus when everything is quiet. You will be the face of Security both internally and to Group Security teams, and in this respect you have to be articulated, clear, and be able to think on your feet.
• The local Business Security and Compliance Officer is expected to closely interact with Group Business Security as well as with all functions in Wave Money and to take responsibility for the internal security level. There will be high expectations of sharing responsibility, contribute in all fields and willingness to learn and understand security in a broad definition.
• The role will also involve promoting the compliance and adoption of ITIL practices for Wave Money’s Technology Operations and DevOps teams.

KEY RESULT ARES
• Delivery of the local IT security and infrastructure operations strategy, align with the Group security strategy.
• The key objectives are high available and secure systems which meet customer and business objectives, by closely monitoring, proactively maintaining, and quickly / effectively responding to incidents.
• Implement a learning process so that incidents are not just dealt with in terms of fix / fail, but identify root cause analysis, knowledge sharing and learning practices to improve the overall Operations / Support capability.
• Positive engagement with technology and non-technology stakeholders which drives outcomes.
• Ensure that technology teams are following agreed procedures to comply with Wave Money’s ITIL framework
• Ensure that Wave Money’s ITIL policies are updated and constantly relevant to the current architecture and operations

KEY RESPONSIBILITIES and ACCOUNTABILITIES
• Implement an industry standard and business driven security and infrastructure operations organization
• Interact with Group Business Security and with employees, top management and other stakeholders in Wave Money
• Responsible for Local security-related policies and supporting documents, working alongside the Enterprise Architect, Head of Engineering and Wave Money’s out-sourced security partners
• Own and communicate the local security risk picture
• Responsible for security-related awareness and training activities for employees and managers
• Develop Wave Money as a security conscious company at all levels
• Contribute to all areas of security and infrastructure compliance
• Collaborate across security domains in an international work environment
• Some traveling must be expected
• Building and driving Financial Services security and infrastructure strategy, aligning with Group Standards
• Defining Wave-specific security and infrastructure operations policies and standards
• Overseeing the implementation of, and monitoring compliance to such standards and policies
• Advise the Group Financial Services (FS) Board in all security matters
• Maintain and develop relationships with industry security forums and peers
• Monitor and manage the remediation of cyber risks
• Define and participate in incident management process
• Constantly drive security and infrastructure management process improvement
• Contribute to the assessment and advisory for Disaster Recovery capability
• Liaise with outside vendors/consultants in performing security assessments.
• Oversee the selection, development, deployment, monitoring, maintenance, and enhancement of the organization’s cyber security technology
• Advise on application security architecture and design
• Advise on best practice in infrastructure security
• Advise on data privacy and protection
• Liaise closely with the FS Risk function for the reporting and management of security risks
• Liaise closely with the Group Security Officer, alongside the Head of Architecture and Engineering, as well as the CTO

KEY PERFORMANCE AND SUCCESS INDICATORS
KPIs
Financial:
• Delivery of capability which supports the Revenue objectives of Wave Money (keep systems up at all times)
• Expense minimization whilst hitting all key objectives
Network:
• Safe, Stable, easy to use platform which is highly functional so that Wave is seen as the preferred supplier in the market
• Simplified support operations so that staff are able to easily work in the environment
• Team Compliance to company and group Security and ITIL policies
Individual:
• Result-based improvement
• Leadership and people management / staff development

KEY STAKEHOLDERS
• Wave Money: CEO, CTO, Head of Engineering and Architecture , Head of Product & Digital Payments, Technology Program Manager , Product Manager , Software • Development Lead , App Developement team ,Release/Test Manager,
• Group partner: Group IT, Group Strategy, and Group PMO
• Yoma partner: IT, Digital
• External: Regulators, Startups, payments companies
• Vendors: App, website, middleware, core mobile financial services platform

EXPERIENCE, FUNCTIONAL SKILLS AND KNOWLEDGE AREAS
• Cyber and IT security experience in the financial or telecommunications services industry
• Relevant Bachelor degree or equivalent in business administration, IT, engineering, computer science, security, telecommunications or related field
• Highly skilled in ITIL practices, policies and processes
• Minimum 5 years of relevant experience within security and infrastructure management
• Experience as a Manager or Senior Team Leader
• Financial services business understanding and experience
• Experience from different fields of expertise can be an advantage
• Audit skills in terms of practice, training or formal certification is an advantage
• Governance of security risks and compliance
• Identification, assessment and remediation of cyber risks
• Information security technologies, markets and vendors, including firewall, intrusion detection, assessment tools, encryption, certificate authority, web, and application development
• Application security in the banking industry at all layers in the stack
• Securing databases and other technologies used to store enterprise information
• Authentication and authorization technologies and techniques
• SANS, SABSA, or similar information security certificate and advantage
• An agile, versatile and flexible approach, and the ability to work with constantly changing priorities
• Fluent English & Burmese languages, both written and verbal

PERSONAL QUALITIES
• A strong communicator with excellent oral, presentation and written communication skills in English.
• Ability to get the best out of a team
• A team player that drives cross-functional and -organizational cooperation
• Bold and innovative mind-set with strong professional integrity and strong commitment to security
• Ability to see the big picture, evaluate risks and support decisions
• Analytic, resourceful and solution oriented
• Ability to quickly acquire and utilize knowledge on new technologies and solutions, emerging threats and vulnerabilities