Primary Objective:
• Support Head, Cyber & Information Security Risk Management in providing the 2nd line of defense roles for cyber and information security risk management across all regional offices as well as entities within the Group.
• Plan and lead the risk assessment of Group Technology Services effectiveness in implementing controls to mitigate cyber and information security risks to protect the Confidentiality, Integrity and Availability of IT services (IT services categorized as “critical”).
• Plan and lead the risk assessment with Business Users prior to the rolling out of new products or services on areas pertaining to cyber and information security risk.
• Appraise the suitability of approaches taken by the Group in the management of cyber and information security risks, to minimize financial and/or reputational impact in line with Group Risk Appetite.
• Evaluate the applicability and completeness of the vulnerability assessment and penetration testing (VAPT) initiated by Group Technology Services.
Key Responsibilities:
• Coordinate the development, review, update and roll-out of Information Security frameworks and policies to provide for an effective governance in the operation of cyber and information security risk management.
• Recommend standards and good practices to support the management of cyber and information security controls to protect Group from emerging cyber threats.
• Perform independent assessment on the adequacy of controls implemented by Group Technology Services and, where applicable, recommend suitable countermeasures to address cyber and information security risks in line with the Group’s risk appetite.
• Review & constructively challenge the risk tool submissions by Group Technology Services that cover self-assessment, early warning of changes to the risk landscape and the approach to testing the controls.
• Review & assess existing defined security control structures and the granting of access privileges to determine whether these are in line with the Group’s confidentiality requirements.
• Review, assess and recommend the scope required for vulnerability testing, e.g. vulnerability assessment and penetration testing.
• Provide input in the development, review, update and roll-out of Information Security frameworks and policies to provide for an effective governance in the operation of cyber and information security risk management.
• Track the implementation of standards and good practices recommended to support the management of cyber and information security controls to protect Group from emerging cyber threats.
• Conduct independent assessment on the adequacy of controls implemented by Group Technology Services and identify countermeasures that are not in line with the Group’s risk appetite pertaining to cyber and information security risks.
• Any other tasks relating to risk management assigned by Head, Cyber & Information Security Risk Management as and when required.