As a Deputy Head/Head of Technology Security & Risk, together with your team, you will be responsible for incident response, vulnerability management, and security awareness training for the entire company. In this role, you will need to stay on top of the latest threats and trends that are relevant to corporate information security in order to keep all of Yoma Bank’s systems, endpoints, networks, and accounts secure.

KEY ACCOUNTABILITIES:

• Implement organization-wide IT Security strategy, policies and standards that are in line with the regulatory requirements; consult stakeholders for feedback on policy and standard development; review and refine policies and standards; and ensure that best practices are implemented.
• Be responsible for and ensure compliance of security programmes and security efforts across the Company, as well as cybersecurity risk management and compliance. Manage the design and implementation of preventative and detective security processes and procedures.
• Be responsible for the overall Cybersecurity Risk Assessment Framework, and manage the annual cybersecurity risk assessment exercises, inclusive of new projects' Threat Risk Assessment (TRA), Vulnerability Assessment, Penetration Testing, Security Systems Testing etc.
• Advise management on the appropriate cyber security solutions and technologies to be deployed.
• Participate in major IT resiliency exercises (e.g. DRP and BCP), inclusive of Sector-wide or Nation-wide cyber security exercises.
• Define and conceptualize the overall security stack/blueprint (including application security) for the Company, and oversee implementation and deployment of the roadmap/strategic blueprint.
• Manage the utilization of financial resources and IT assets, prepare and obtain approval for the budget, and monitor budget utilization to ensure proper usage and compliance with policies and procedures.
• Develop a culture of appropriate cyber security risk assessment and risk acceptance, from stakeholders to end users and ICT professionals.
• Research, analyze and triage vendor and open source intelligence feeds and translate them into actionable cyber intelligence for the SOC operation team to monitor and set up the proper incident response team.
• Implement the Security Incident Response Plan with a change management process to keep up with the evolving threat landscape.
• Perform analysis on campaigns, threat actor TTPs (Tactics, Techniques and Procedures), technical indicators of compromise, cyber-attack trends, and exploitation of technology.
• Produce concise tactical warning reports and other analytic reports that detail daily findings, events, and activities.
• Synthesize cyber threat intelligence into non-technical weekly, monthly and ad-hoc reports for senior management and relevant business stakeholders.
• Maintain up-to-date security industry awareness and malware trends, and be able to understand how emerging threats may potentially impact the organization.

QUALIFICATIONS REQUIRED

Knowledge & Skills

Essential
• Extensive knowledge of regulatory standards and best practices, including ISO27001, PCI-DSS, GDPR, OWASP, NIST, SANS, Privacy Laws.
• Assess the security implications of new technologies.
• Experience of developing and delivering a full IT security strategy and vision.
• Strong interpersonal and stakeholder management skills.
• Ability to work with a cross-functional, multi-disciplined team to formulate, institute and monitor security policies and procedures.
• Knowledge of emerging digital or online technologies, online social behaviors, and computer or Internet jargon.

Education & Special Training

Essential
• Bachelor’s degree or equivalent experience in Computer Science/IT or Technology.
• Professional security related qualification (i.e. CISSP, CISA, GCIA, GCIH, etc.) is preferred but not mandatory.

Experience

Essential
• At least 10 years of management experience related to information security and working knowledge of security policies and procedures.
• Good knowledge of SIEM and network security (i.e. Firewalls, WAF, IDS, IPS, VPN, HIPS, ADS and TCP/IP protocols).
• Experience in cyber threat intelligence gathering and able to develop statistically significant patterns related to cyber threats.
• Significant experience leading or participating in incident response, vulnerability management, and security awareness training in a fast-paced environment.
• Experience collaborating successfully with security, compliance, and IT teams.
• Highly developed research and analytical skills.
• DevOps familiarity with automation tools and repository management.
• Good understanding of both IT and business processes and the relationship between them.

Desirable
• Experience in the Banking sector is a plus.
• Experience in scripting (PowerShell, Python, Ruby, etc.) or Programming.

Languages

Essential
• Excellent verbal and written communication skills; English and Myanmar.

- Annual Performance Bonus
- OT Payment
- Ferry Provided
- An awesome company
- Join a winning team
- You can make a difference
- Opportunities for promotion
- Possibility for job training
- Learn new skills and techniques

Yoma Bank is one of Myanmar’s largest private banks, with 2000 employees and more than 50 branches nationwide. The Bank was founded by Mr Serge Pun and its first branch was opened in August 1993 in front of the iconic Aung San Stadium in Yangon.

Yoma Bank has invested heavily in technology to optimize its nationwide branch network and is recognized for its efficient remittance services. It was the first bank in Myanmar to use a computerized accounting system, and pioneered wireless banking communications. By 2003 Yoma Bank had grown to be one of the biggest banks in the country with 41 branches in 24 cities providing secure and efficient banking services nationwide.

In 2003, Myanmar experienced a financial crisis which had a significant impact on the banking industry. This led to the closure of many private banks, while Yoma Bank's business activities were severely limited and the Bank had to sustain itself on domestic remittances. Yoma Bank’s remittance service remains the most reliable and trusted in the country.

A new chapter began in August 2012 when Yoma Bank regained its full banking license. With more than 50 branches across Myanmar, the Bank strives to become a leading SME Bank in Myanmar. With more than twenty years’ experience in Myanmar’s financial sector, Yoma Bank is well positioned to support the continued growth of the Country in this period of transition.