Senior Principal Information Security Specialist- CyberRisk

KEY AREAS OF RESPONSIBILITIES

Day-to-day leadership, management, and operation

Assist the Head of CISO in day-to-day leadership, management, and operation of the CISO Office department which includes data security and protection and cyber and ecosystem risks

Assist the Head of CISO in ensuring timely completion of business plans

Monitor and report status of KPI and CISO Office's goals and projects

Resolve project issues and challenges

Execute ad-hoc assignments instructed by Head of CISO and Senior Director of Risk & Compliance

Cybersecurity strategy

Identify and assist in the execution of PayNet's cyber security/information security strategy via an appropriate management forum to achieve cyber security vision and target security capabilities that is align with PayNet's Strategy in conjunction with related cyber security requirements across the industry

Formulate and enforce appropriate policies/framework/requirements for the effective implementation of Technology Risk Management Framework and Cyber Resiliency Framework.

Establish and enforce directive controls, validate internal detective and preventive security controls. Work together with relevant stakeholders to achieve security objectives

Security awareness

Develop new security awareness strategies leveraging new innovations

Drive security culture and behavior internally through continuous security awareness programs

Establish and embed cultural and behavioral goals in the cyber security strategy. Lead continuous security awareness program for PayNet

Cyber crisis management

Drive effective cyber security incident and crisis management internally and lead major security incident management

Ensure cyber crisis management processes, procedures, tools and playbook are up-to-date and relevant to manage current and future crisis

Work with other departments such as branding and communications to ensure crisis communications are up to date

Cyber risk management

Advise senior management on technology risk and security matters, including developments in the PayNet's technology security risk profile in relation to its business and operations

Prepare security related reporting to the senior management, Group Risk Committee and the Board.

Establish and maintain threat models, monitor the cyber threat landscape and correlate with relevant cyber intelligence sources (formal and informal channels)

Research and development in cyber risk and generative AI

Lead R&D effort in the impact of AI on cybersecurity

Lead R&D effort in generative AI for multiple use cases

Identify future and evolving threats (AI and quantum computing) and conduct R&D on threat mitigation

Data security and protection

Develop and implementation data security and protection strategies focusing on technical and advance techniques of data protection and collaborate with data security governance on data security matters