APAC Financial Services - Chief Information Security Officer

Description:

Job description

Role & responsibilities

Security Strategy & Governance :

- Develop and implement an enterprisewide information security strategy aligned with business objectives

- Define and maintain security policies, standards, and procedures

- Establish a governance framework for security risk management and oversight

- Communicate security goals, risks, and metrics to executive leadership and the board

Risk Management :

- Identify, evaluate, and mitigate information security risks across systems, networks, and processes

- Lead enterprise risk assessments, vulnerability management, and threat modeling

- Ensure compliance with regulatory standards

Security Controls :

- Oversee security operations teams responsible for monitoring, detection, response, and remediation of incidents

- Lead incident management and digital forensics efforts, including coordination of responses to major breaches

- Manage thirdparty security tools, services, and partnerships

Architecture & Technology :

- Collaborate with IT and engineering leaders to implement securebydesign principles

- Oversee identity and access management (IAM), network security, data protection, endpoint security, and cloud security programs

- Ensure ongoing security assessments, penetration tests, and audits

Compliance & Audit :

- Ensure organizational adherence to regional, industry, and international regulations

- Manage internal and external security audits

Leadership & Communication :

- Lead and develop the security organization, including SOC, GRC, and security engineering teams

- Educate employees on cybersecurity risks and best practices

- Act as the primary point of contact for regulators, auditors, and law enforcement

Key Performance Indicators (KPIs) :

- Reduction in security incidents and risk exposure

- Compliance audit results and certification achievements

- Maturity of security programs (based on frameworks such as NIST)

- TimetoDetect (TTD) and TimetoRespond (TTR) metrics

- Improvements in employee security awareness

Preferred candidate profile :

- Bachelors or Masters degree in Information Security, Computer Science, or related field.

- 5-7 years of experience in information security, risk management, or IT leadership.

- Experience in a senior security leadership role.

- Strong knowledge of recent cyber threats, technologies, and defense strategies.

- Experience building and scaling enterprise security programs.

- Excellent communication skills with ability to brief boards and executives.

- Proven ability to lead cross-functional teams and influence organizations