Technical Information Security Officer (TISO)

George Bernard


Job Location: Colombo - Sri Lanka

Monthly Salary: Not Disclosed
Experience Required: 5 years
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

  • Lead secure design: Be the security architect for digital initiatives. Translate strategic security goals into actionable technical designs that reduce risk. Facilitate robust digital transformation by embedding security from the outset, balancing user experience with control requirements.

  • Lead Governance, Risk and Compliance: Implement the bank's security governance standards, manage first-line technology risks, and comply with requirements from CBSL, PDPA, PCI DSS, ISO/IEC 27001 and NIST CSF. Assess and manage security risks in new products, services and changes to the ecosystem. Provide assurance through documentation, metrics and evidence to support the CISO's team, internal auditors, external auditors and regulators.

  • Lead security operations: Oversee security operations within the CIO organization to uphold the security posture of the bank's digital ecosystem and reduce risk. The scope includes security platforms (e.g. IAM, PAM, firewalls, IPS, PKI, EPP, XDR, DLP and SIEM) and security of infrastructure, containers, databases, middleware, applications, APIs and the cloud.

  • Minimize attack surface: Pursue rigorous configuration hardening, patch management and vulnerability management to reduce exposure. Secure legacy systems effectively. Prioritize and fix findings from penetration testing, red-teaming, and breach and attack simulations. Monitor the bank's external attack surface and benchmark against peers.

  • Jointly lead SIEM and SOC: Lead SIEM engineering and 24x7 SOC operations jointly with the CISO's team to maintain proactive monitoring and detection, and facilitate initial response to security incidents. Leverage technical expertise to optimize SIEM ingestion, improve detection quality, reduce false positives and align use cases with emerging threats.

  • Jointly lead incident response: Lead security incident response from the CIO organization, collaborating with the CISO's team. Jointly maintain and test incident response plans; lead triage, containment and recovery during cyber events; and conduct post-incident forensics and root cause analysis. Jointly conduct incident response drills to improve readiness and meet regulatory compliance.

  • Address emerging challenges: Monitor global and regional threat landscapes, anticipate risks and adapt the bank's security strategy proactively. Key focus areas include quantum-vulnerable cryptography; AI-enabled threats and deepfakes; cloud security and vendor lock-in; digital banking security; supply chain and third-party security; and advanced threat actor techniques.

  • Security advisory: Advise the CIO, the CISO, digital transformation teams, corporate management and board committees on technical security risks and mitigation strategies. Provide expert input on IT architecture, digital transformation, secure software development and supply chain security to instil security by design. Contribute technical inputs to staff training programs to foster a strong security culture.


Requirements

Education:
  • Bachelor's degree in computer science, information security, engineering or related field (master's preferred).

Experience:
  • 16 years of progressive IT and security experience with at least 5 years in a senior technical leadership role.
  • Proven track record in banking/financial services (preferred).
  • Hands-on experience in managing and securing on-premises and cloud infrastructure, including hypervisors, operating systems, databases, middleware and applications; SIEM engineering and SOAR; SOC operations; incident response; zero-trust and cryptography.

Certifications (Preferred):
  • CISSP, CISM, CISA, CCSP, ISO 27001 Lead Implementer/Auditor or equivalent industry-recognized certifications.

Knowledge:
  • Strong familiarity with regulatory and industry standards: CBSL Directions including 16/2021, PDPA 2022, PCI DSS v4.0.1, ISO/IEC 27001:2022 and NIST CSF 2.0.
  • Understanding of emerging security challenges, including PQC, AI-enabled threats, digital banking risks and third-party/supply chain exposures.

Skills and Competencies:
  • Ability to lead technical teams and influence cross-functional stakeholders.
  • Strong communication skills to advise the CIO, the CISO and board committees on technical risks.
  • Analytical, forward-looking and able to align security execution with strategic goals.



Company Industry

IT Services and IT Consulting

Key Skills

  • International Development
  • Information Systems
  • Community
  • Information Technology Sales
  • Corporate Recruitment