Assistant Manager, IT Security Governance VN

CIMB

  • Vietnam
  • Permanent
  • Full-time
  • 10 days ago
Job Description:

Key Responsibilities

  • Develop, maintain, and enforce the organization's information security policies, standards, and guidelines to ensure IT systems and applications comply with security best practices, regulatory requirements, and internal compliance obligations.
  • Govern and enforce cloud security controls, baseline configurations, and secure architecture patterns across cloud, on-premise, and hybrid environments.
  • Supervise security assessments, including vulnerability assessments, penetration testing, and technical reviews; ensure remediation plans are defined, prioritized, and implemented in accordance with approved policies.
  • Manage identity and access management controls, including privileged access, service accounts, and secure authentication mechanisms.
  • Review and approve changes to security controls, including firewalls, VPNs, routing configurations, operating system hardening, and IDS/IPS rules.
  • Collaborate cross-functionally with technology, operations, and business teams to identify security threats arising from day-to-day operations and propose appropriate security controls and risk mitigation measures.
  • Drive a shift-left security approach by embedding security requirements early in Agile delivery, CI/CD pipelines, and infrastructure provisioning lifecycles.
  • Review and validate risk assessments conducted by the First Line of Defense to ensure alignment with the organization's risk appetite and control requirements for IT vendors and partners.
  • Act as a key contact for internal audits, external audits, and regulatory inspections; coordinate evidence collection, remediation tracking, and closure.
  • Conduct periodic and regulatory reporting to SBV/CIMB Group on security matters.

Job Specification

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology or a related field.
  • 3+ years of hands-on experience in IT security governance, policy management or a comparable role (preferably in banking/financial services).
  • Professional certification such as CISSP, CISM, or equivalent is highly desirable.

Technical & Functional Skills

  • Deep understanding of network and host hardening, firewall/VPN architectures, and IDS/IPS; hands-on experience in using source-code scanning tools.
  • Familiarity with vulnerability-assessment frameworks and risk management methodologies (ISO 27001, NIST 800-53, CIS).
  • Capability to research and integrate new security solutions into current processes/systems.
  • Working knowledge of regulatory guidelines (e.g. SBV Circular 09, 50, 13).
  • Experience auditing security controls and reviewing technical change requests.
  • Strong analytical skills to interpret risk reports and translate them into clear policy requirements.

Personal Skills

  • Excellent stakeholder management and communication; able to present policy to both technical teams and senior management.
  • Rigorous attention to detail and a methodical, compliance-driven mindset.
  • Ability to influence without authority and drive policy adoption.
  • Inquisitive approach to new threats and security technologies.

About Us: With operations that span 15 different markets across the region, the opportunity to expand your experience, test your capabilities, and exhibit your resilience is ample. #teamCIMB is always keen to welcome the ones who are ready to make that very special difference - for themselves and the bank.
