CISO / Head of Cybersecurity

Core Purpose:

Overseeing all aspects of cybersecurity policies and infrastructure to prevent major and critical cyber-attacks, while proactively monitoring and mitigating cyber threats across the bank’s domains.

Key Responsibilities:

• Oversee and direct all aspects of cybersecurity across the virtual bank, including cybersecurity governance and day-to-day operations, as well as drives continuous improvement of cybersecurity capabilities
• Develop and enhance enterprise-wide Information and Cybersecurity (ICS) policies, standards, and procedures, and oversee compliance and continuous enhancements of these policies, standards, and procedures
• Establish and continuously refine a robust information security management framework to proactively identify, assess, and mitigate risks
• Ensure security specifications and IT security architecture are defined.
• Manage IT risks and cyber threats in alignment with the virtual bank’s risk profile and present these risks to the Board of Directors and designated committees on a regular basis
• Proactively communicate and interact with stakeholders across all business units to promote adherence to applicable policies and standards
• Optimize the efficiency of Information Security functions and empower the CRO to effectively lead the second line of defense in safeguarding information and data assets
• Ensure IT security controls are implemented and operating effectively, and that these controls are commensurate with the IT risks and cyber threats faced by the organization
• Ensure staff have IT security and cyber threat knowledge, awareness, preparedness, and readiness to deal with cyber threats
• Report IT security incidents and provide opinions on IT risk management and cyber threats to IT Steering Committee and Risk Management Committee
• Lead and continuously improve the incident escalation process. This includes defining clear escalation paths, establishing communication protocols with internal departments and external regulators, and ensuring timely and effective response during a security breach.
• Provide comprehensive oversight, support, advice, and guidance to senior management and stakeholders regarding compliance with applicable data protection laws, with a strong focus on upholding the rights and freedoms of data subjects

Essential Qualifications:

• Experience in areas of information and cybersecurity including knowledge of cyber resilience, identity and access, network security, application security, and cloud security
• Experienced in leading a team of security professionals, with the ability to clearly explain and present information security risks to senior leadership and propose effective mitigation strategies
• Deep understanding of cyber risk management and compliance with cybersecurity frameworks such as NIST, ISO, CIS, and PCI-DSS
• Proven expertise in leading and maturing incident response capabilities, conducting thorough forensic investigations, and establishing and overseeing effective Security Operations Centers (SOCs)
• Relevant certifications such as CISSP, CISM, CISA or CCSP are desirable.
• Strong leadership, security analytical, and problem-solving skill
• Strong communication and collaboration skills in both English and Thai with the ability to work effectively with cross-functional teams