Vice President - Security Governance

Date: 27 Apr 2026
Location: Kuala Lumpur, MY

Key Responsibilities


  1. Manage security governance, risk management, and compliance matters, ensuring that human resources are engaged and trained with relevant skills and knowledge.
  2. Provide strategic leadership and oversight in the development, implementation, and continuous review of KWAP’s Cyber Security Policy, ensuring alignment with applicable laws, regulations, and industry standards, including the Cyber Security Act (Act 854), National Cyber Security Baseline (NCSB v1.3), ISO/IEC 27001:2022, and Personal Data Protection Act (PDPA).
  3. Lead and oversee enterprise cloud security architecture, including Cloud Security Posture Management (CSPM), Zero Trust security frameworks, and cloud risk management across hybrid environments.
  4. Drive enterprise-wide assessment and governance of security risks across Artificial Intelligence and emerging technologies, including GenAI misuse, adversarial machine learning, and Large Language Model (LLM) vulnerabilities.
  5. Provide strategic oversight and advisory on compliance with Act 854, National Cyber Security Agency (NACSA) directives, Bank Negara Malaysia Risk Management in Technology (RMiT), and PDPA, ensuring the organisation maintains a robust and effective compliance posture.
  6. Ensure compliance with legal and regulatory requirements, such as the General Data Protection Regulation (GDPR), PDPA, Network and Information Security Directive 2 (NIS2), System and Organisation Controls 2 (SOC 2), Payment Card Industry Data Security Standard (PCI-DSS), and other applicable laws. Conduct internal security audits, gap assessments, and compliance reviews.
  7. Manage internal and external audit queries and controls, conduct audit walkthroughs, track data and information requests, and coordinate auditors and auditees to ensure audits are completed.
  8. Lead security awareness and training initiatives, design and implement cybersecurity awareness programmes to educate employees on security risks, policies, and best practices.
  9. Analyse the global Information Technology (IT) security threat landscape provided by a reputable threat intelligence provider, assess the potential risks and impacts, and recommend suitable solutions.
  10. Manage third-party vendors and service providers for cybersecurity risks and ensure compliance with contractual security requirements.
  11. Provide periodic security governance reports to relevant committees (such as senior management, risk committees, and the Board).
  12. Act as Cyber Security Incident Manager by collaborating with Cybersecurity Operations and Risk Management teams to ensure governance aspects are incorporated into incident response plans.
  13. Collaborate closely with IT, legal, compliance, risk, and business units to incorporate security governance into organisation-wide procedures.


Key Requirements


  1. Bachelor’s Degree in Computer Science, Cyber Security, Information Systems, or any related field.
  2. Possess knowledge and understanding of regulatory requirements relevant to the industry, such as the Cyber Security Act, Certification in Risk Management Assurance (CRMA), GDPR, PDPA, Monetary Authority of Singapore Technology Risk Management (MAS TRM), and Payment Card Industry Data Security Standard (PCI-DSS).
  3. Minimum of twelve (12) years of working experience in security risk management methodologies, policy development, security awareness programmes, and governance reporting.
  4. Experienced with cybersecurity frameworks, such as the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), Center for Internet Security Critical Security Controls (CIS Controls), and Control Objectives for Information and Related Technologies (COBIT).
  5. Experienced in leading a team while performing cyber security governance and compliance, audit, IT risk, and other IT-related work.
  6. Strong knowledge of security governance frameworks.