Ciso (Banking Company) - Department Head

• Banking
• CISO

About Us

Our client is one of the biggest Public Bank company in Indonesia Indonesian state-owned bank. It has branches primarily in Indonesia, but also found in Seoul, Singapore, Hong Kong, Tokyo, London and New York. It had 1000 branches and over 9 million customers in 2006.

The Chief Information Security Officer (CISO) is a senior-level executive responsible for establishing and maintaining the security strategy and policies for the entire banking company. The CISO's primary objective is to protect the bank's customers and their assets by effectively managing all aspects of information security, including but not limited to data protection, risk assessment and management, security architecture, security incident response, compliance, and awareness training.

Responsibilities:

• Risk Assessment and Management:
• Compliance and Governance:
• Develop risk mitigation plans and ensure their implementation.
• Design and implement the bank's security architecture, ensuring appropriate safeguards are in place to protect sensitive data and critical systems.
• Raise awareness of security risks and promote best practices regularly through communication channels.
• Identify and evaluate information security risks associated with the banking company's systems, networks, applications, and infrastructure.
• Conduct regular risk assessments to identify vulnerabilities and prioritize remediation actions.
• Security Incident Response and Management:
• Collaborate with legal, compliance, and privacy teams to ensure compliance with legal and regulatory requirements.
• Establish and maintain policies, procedures, and controls that comply with relevant regulatory requirements, industry standards, and best practices.
• Awareness and Training:
• Create and maintain an information security roadmap that addresses current and emerging threats, technologies, and trends.
• Collaborate with internal and external auditors to ensure successful completion of security audits.
• Develop and deliver an ongoing security awareness and training program for all employees.
• Partner with technology teams to define secure development practices and secure coding standards.
• Develop and implement a comprehensive information security strategy aligned with the business objectives and regulatory requirements.
• Collaborate with cross-functional teams to integrate security into the overall business operations and processes.
• Evaluate new technologies and solutions for their potential integration into the existing security infrastructure.
• Develop and maintain an incident response strategy and framework to promptly respond to and mitigate security incidents.
• Conduct regular training sessions and simulations to test incident response capabilities and employee knowledge.
• Security Architecture and Engineering:
• Lead and coordinate the investigation, containment, and recovery efforts in the event of a security breach.
• Security Strategy and Planning:
• Regularly monitor and track compliance with regulatory obligations and internal policies.

Qualifications:

• Professional certifications such as CISSP, CISM, or CISA are highly desirable.
• Excellent analytical, problem-solving, and decision-making skills.
• Minimum of 10 years of experience in information security, including significant experience in a senior leadership role.
• Strong knowledge of banking industry-specific regulatory requirements, such as Basel III, SOX, and GDPR.
• Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred.

Call for Action: If you possess the above requirements and are keen on a new challenge, please apply directly or email [email protected].