Job Seeker Reactivate Your Account
Thank you, this account has been Deactivated.
Do you want to Reactivate your account?
No
Yes

Deputy Head / Head Of Technology Security & Risk

Yoma Bank
| Yangon
Verified This job has been verified by the company as a real job vacancy.
28 Mar 2019
Recruiter active 19 hours ago The recruiter at this company was last active reviewing applications.
Sorry, Unable to Apply
x
55%
Please Upload CV Attachment, or update your JobNet Profile to at least 55% of completion.
Upload CV
Update Profile
Deputy Head / Head Of Technology Security & Risk
Yoma Bank, | Yangon

Deputy Head / Head Of Technology Security & Risk

Yoma Bank

Deputy Head / Head Of Technology Security & Risk

Yoma Bank
Recruiter active 19 hours ago The recruiter at this company was last active reviewing applications.
Myanmar - Yangon
Verified This job has been verified by the company as a real job vacancy.

Experience level

Manager

Job Function

IT Hardware, Software

Job Industry

Banking/ Insurance/ Microfinance

Min Education Level

Bachelor Degree

Job Type

Full Time

Job Description

A Fantastic Opportunity for ...

As a Deputy Head/ Head of Technology Security & Risk, together with your team, you will be responsible for incident response, vulnerability management, and security awareness training for the entire company. In this role, you will need to stay on top of the latest threats and trends that are relevant to corporate information security in order to keep all of Yoma Bank’s systems, endpoints, networks, and accounts secure.

KEY ACCOUNTABILITIES:

•Implement organization-wide IT Security strategy, policies and standards that are in line with the regulatory requirements, consult stakeholders for feedback on policy and standard development, review and refine policies and standards and ensures that the best practices are implemented.
•Responsible and ensure compliance of security programmes and security efforts across the Company, as well as cybersecurity risk management and compliance. Responsible to manage the design and implementation of preventative and detective security processes and procedures.
•Responsible for overall Cybersecurity Risk Assessment Framework, and manage the annual cybersecurity risk assessment exercises inclusive of new projects' Threat Risk Assessment (TRA), Vulnerability Assessment, Penetration Testing, Security Systems Testing etc.
•Advise management on the appropriate cyber security solutions and technologies to be deployed.
•Participate in major IT resiliency exercises (e.g. DRP and BCP), inclusive of Sector-wide or Nation-wide cyber security exercises.
•Perform to define and conceptualize the overall security stack/ blueprint (including application security) for the Company, oversee implementation and deployment of the roadmap/strategic blueprint.
•Manage the utilization of financial resources and IT assets, prepare and obtain approval for budget, monitor budget utilization to ensure proper usage and compliance to policies and procedures.
•Develop the culture of appropriate cyber security risk assessment and risk acceptance across from stake holders to end users and ICT professionals.
•Research, analyze and triage vendor and open source intelligence feeds and translate them into actionable cyber intelligence for SOC operation team to monitor and setup the proper incident response team.
•Implement Security Incident Response Plan with change management process to keep up with evolving threat landscape.
•Perform analysis on campaigns, threat actor TTPs (Tactics, Techniques and Procedures), technical indicators of compromise, cyber-attack trend, and exploitation of technology.
•Produce concise tactical warning reports and other analytic reports that detail daily findings, events, and activities.
•Synthesize cyber threat intelligence into non-technical weekly, monthly and ad-hoc reports for senior management and relevant business stakeholders.
•Maintain up-to-date security industry awareness and malware trends, and be able to understand how emerging threats may potentially impact the organization.

Open To

Male/Female

Job Requirements

Knowledge & Skills
Essential
•Extensive knowledge of regulatory standards and best practices, including ISO27001, PCI-DSS, GDPR, OWASP, NIST, SANS, Privacy Laws.
•Assess the security implications of new technologies.
•Experience of developing and delivering a full IT security strategy and vision.
•Strong interpersonal and stakeholder management skills.
•Ability to work with cross-functional, multi-disciplined team to formulate, institute and monitor security policies and procedures.
•Knowledge of emerging digital or online technologies, online social behaviors, and computer or Internet jargons.

Education & Special Training
Essential
•Bachelor’s degree or equivalent experience in Computer Science/IT or Technology.
•Professional security related qualification (i.e. CISSP , CISA, GCIA, GCIH, etc) is preferred but not mandatory.

Experience
Essential
•At least 10 years of management experience related to information security and working knowledge of security policies and procedures.
•Good knowledge in SIEM and network security (i.e. Firewalls, WAF, IDS, IPS, VPN, HIPS, ADS and TCP/IP protocols).
•Experience in cyber threat intelligence gathering and able to develop statistically significant patterns related to cyber threats.
•Significant experience leading or participating incident response, vulnerability management, and security awareness training in fast-paced environment.
•Experience collaborating successfully with security, compliance, and IT teams.
•Highly developed research and analytical skills.
•DevOps familiarity with automation tools and repository management.
•Good understanding of both IT and business processes and the relationship between them.

Desirable
•Experience in the Banking sector is a plus.
•Experience in scripting (PowerShell, Python, Ruby, etc.) or Programming.

Languages
Essential
•Excellent verbal and written communication skills; English, Myanmar a plus.

What We Can Offer

Benefits

- Annual Performance Bonus
- OT Payment
- Ferry Provided

Highlights

  • An awesome company
  • Join a winning team
  • You can make a difference

Career Opportunities

  • Opportunities for promotion
  • Possibility for job training
  • Learn new skills and techniques