Principal Information Security Specialist

Principal Information Security Specialist 1. Drive the execution of PayNet's cyber security and information security strategy via an appropriate management forum to achieve cyber security vision and target security capabilities
2. Review and maintain the strategy to be consistent with overall business direction and in line with PayNet's peers in related cyber security requirements across the industry
3. Establish and enforce directive controls, validate internal detective and preventive security controls
4. Work together with relevant stakeholders to assess cyber, ecosystem, and technology risk
5. Coordinate and maintain cyber and ecosystem risk monitoring 
6. Perform any other ad-hoc assignments that are instructed by the management of Risk & Compliance that may be given from time to time
7. Lead and manage team members including setting KPIs and professional and personal development, providing mentoring and coaching, and uplifting of skills and capabilities
8. Work and collaborate with other units within CISO Office and departments in Risk and Compliance to advance and promote risks management in PayNet
KEY AREAS OF RESPONSIBILITIES Coordinate, plan, manage and lead work packages for cyber security and ecosystem risk and project execution for team members within the department Provide expert input into the collective information security strategy to ensure that future security investments align with key priorities such as business requirements, industry threat landscape, and risk appetite. Maintain regular engagement and proactive partnership with business and technology teams to ensure cyber/information security strategies align with business and technical needs, requirements, and constraints. Analyse market and industry trends and adjust security strategy accordingly Monitor current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy, and provide advanced advice and readiness to PayNet to be fully compliant with these requirements Design, develop, execute, or oversee cyber risk management, incident management and response, threat intelligence, and overall security monitoring Monitor, report, and provide recommendations to improve the overall threat and vulnerability management processes and procedures Participate in periodic information systems risk assessments, including those associated with developing new or significantly enhanced business applications Develop, execute, and maintain cyber risk monitoring for the ecosystem (PayNet's participants and critical service providers) Prepares and periodically updates draft information security policies, architectures, standards, and other technical requirement documents needed to advance information security at PayNet Perform secretariat function for Internal Security Forum (ISF) Perform regular security reviews, risk assessment, thematic reviews and provide advisories and practical recommendations to mitigate security issues Advance and improve the management of cyber security risks (e.g., compliance and supervisory assessments, management reporting, etc.,) and overall CISO operation either through process improvements, data analytics, or automation Manage and lead team members which includes setting performance and KPIs, identifying personal and career development, providing coaching and guidance, and uplifting of skills and capability Manage and monitor CISO team for day-to-day security governance and compliance related activities, including other activities (e.g., cyber response and threat intel) as and when required Perform or support any tasks related to the function of the Department as assigned by the Director of Risk and Compliance or CISO, which may arise from time to time QUALIFICATIONS
MINIMUM QUALIFICATIONS Degree in Information Technology (IT), Computer Science or other related discipline with relevant experience in managing cyber risk in financial market infrastructures, critical national infrastructure, military, security intelligence or equivalent 15 years of working experience or more, with a minimum of 10 years in cyber and information security governance, risk and compliance, and other areas of cyber security Experience in managing and leading teams of various sizes Demonstrated experience in providing security advice to a wide range of stakeholders Professional certification such as CISM, CISA, CISSP or equivalent TECHNICAL COMPETENCIES Practical understanding of industry frameworks for cyber and information security such as National Institute of Standards and Technology (NIST) Cyber Security Framework, COBIT, Information Security Management System (ISMS), Payment Card Industry Data Security Standard (PCI DSS), Personal Data Protecction Act (PDPA), General Data Protection Regulation (GDPR), and Bank Negara Malaysia's Risk Management in Information Technology (RMiT); Thorough understanding of end-to-end IT operations and how IT interfaces with business, risk management and compliance processes and IT Security Thorough understanding of security operations, security management, security assessment, cybe response, threat intel, and security monitoring Demonstrate understanding of defence in depth concepts and supporting security technologies, including but not limited to: endpoint protection, network access control, remote access VPN, file integrity monitoring, firewalls, IDS/IPS, SIEM, application security controls, identity management / federated identity services and public key infrastructure Have prior experience in designing, implementing, and operating security solutions; or understanding and familiarity with various security solutions and technologies Demonstrate knowledge of threat actor Tactics, Techniques, and Procedures (TTPs) and corresponding mitigation/disruption techniques Prior experience securing public cloud environments (AWS, Azure) Demonstrate expertise with addressing zero-day threats, intrusions, malware infection and experience with analysis techniques KEY REQUIREMENTS Understanding of cyber security risks covering both internal PayNet and external payments eco-system 2. Understanding of international, regional, and local regulatory requirements and guidelines and standards for cyber security, data protection, and privacy specifically for the financial industry
3. Experience and familiarity in implementing leading practices, standards, frameworks, and guidelines for managing cyber security risks and incident management
4. Experience and understanding in cyber threat intelligence, incident management and response, attack simulation, blue, red and purple team exercises
5. Experience related to information and cyber security strategy planning, security architecture design and review
6. Effective communication, collaboration, and presentation skills. Ability to explain complex concepts in plain language and graphics, and in business and layman terms
7. Experience and understanding of security operations, security management, IT and network infrastructure, IT operations, technology and solution architecture, and overall IT operations and IT service management
8. Familiarity and experience with security technology and solution design and implementation, especially in the areas of security monitoring and detection such as SIEM, SOAR, and overall security operations centre's operations and management
9. Experience in managing and leading a team, and ability to work cross-function and cross-domains
ADDITIONAL REQUIREMENTS Excellent interpersonal, facilitation, and leadership skills along with effective communication (both written and verbal) skills Strong history of external engagement with industry peers, working groups, and cybersecurity communities globally Strong analytical and problem solving skills, possesses critical and creative think skills and mindset Embark on an exciting career journey with Payments Network Malaysia Sdn Bhd (PayNet), the heartbeat of Malaysia's financial markets!
As the national payments network and a pivotal infrastructure for Malaysia's dynamic financial markets, PayNet is a linchpin in advancing the nation's digital economy.
Our comprehensive suite of retail payment solutions - encompassing DuitNow (QR and P2P), JomPAY (Bill Payments), FPX (Online), MyDebit (Domestic Debit), MEPS (ATM), and IBG (Interbank GIRO) - not only offer wide accessibility but are seamlessly integrated into the fabric of daily life in Malaysia. These services have revolutionised the way Malaysians handle financial transactions, marking a significant leap in consumer convenience and efficiency.
At PayNet, our focus is on providing a safe, efficient, and innovative payments system. We are dedicated to improving and managing payment services that meet the evolving needs of consumers and businesses. Our work ensures the stability and reliability of Malaysia's financial system, supporting the growth of the economy.
Learn more about our work and how we are contributing to Malaysia's financial future at
Join us in embracing digital payments and advancing Malaysia's financial landscape.
#J-18808-Ljbffr