IT Security Strategy
- ISO 27001
- CISSP, CISM, CISA
**About Us**:
Our client is one of the biggest public banks in Indonesia, an Indonesian state-owned bank. It has branches primarily in Indonesia, but also in Seoul, Singapore, Hong Kong, Tokyo, London and New York. It had 1000 branches and over 9 million customers in 2006.
**Responsibilities**:
- Lead the development, implementation, and maintenance of the bank's IT security program, ensuring compliance with industry best practices and regulatory requirements. You will collaborate with various stakeholders, including senior management, IT teams, and business units, to establish and maintain a robust security posture.
- Develop and implement an enterprise-wide IT security strategy and roadmap, aligning it with the bank's business objectives.
- Lead the design, implementation, and management of the bank's IT security architecture, including network security, endpoint security, access controls, and encryption mechanisms.
- Develop and enforce IT security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of the bank's systems and data.
- Conduct regular risk assessments and vulnerability scans to identify potential security threats and develop appropriate mitigation strategies.
- Manage and respond to security incidents, including conducting investigations, coordinating with internal teams and external partners, and implementing corrective actions.
- Stay updated on emerging IT security threats and technologies, and provide guidance on security best practices to relevant stakeholders.
- Collaborate with internal and external auditors to ensure compliance with applicable regulations and industry standards.
- Provide leadership and guidance to the IT security team, including hiring, training, and mentoring team members.
- Develop and maintain strong relationships with vendors and external partners to enhance the bank's security capabilities.
- Prepare and present regular reports on the status of the bank's IT security program to senior management and the board of directors.
**Requirements**:
- Bachelor's degree in Computer Science, Information Technology, or a related field. A master's degree or relevant certifications (e.g., CISSP, CISM, CISA) are preferred.
- Proven experience (minimum 8-10 years) in IT security, with a focus on financial institutions or banking environments.
- In-depth knowledge of IT security frameworks, such as ISO 27001, NIST Cybersecurity Framework, and PCI DSS.
- Strong understanding of network security protocols, encryption algorithms, and security technologies (e.g., firewalls, intrusion detection systems, data loss prevention).
- Experience in developing and implementing IT security policies, standards, and procedures.
- Proficient in conducting risk assessments, vulnerability management, and incident response.
- Familiarity with regulatory requirements specific to the banking industry, such as FFIEC guidelines.
- Excellent leadership and communication skills, with the ability to collaborate effectively with cross-functional teams and senior stakeholders.
- Strong analytical and problem-solving skills, with the ability to think strategically and make data-driven decisions.
- Up-to-date knowledge of emerging IT security trends, threats, and technologies.
- Demonstrated ability to manage and prioritize multiple projects and initiatives in a fast-paced environment.