LVT is hiring a Chief Security Information Officer (CISO) for Malaysia to lead our information security strategy and implementation. You will provide executive security leadership, identify critical business security needs, and drive the adoption of security policies and standards across the local business environment.
What You'll Do
- Provide security leadership, advice, and counsel to executive management teams on security policy and practices; identify exposures and threats and drive corrective plans based on risk.
- Implement the Company’s information security strategy across the business environments.
- Ensure the enterprise information security architecture and roadmaps are implemented and meet both business and information security objectives.
- Identify and understand key business processes, systems, and specific security needs critical to the Business Unit, and ensure they are incorporated into the overall cybersecurity strategy.
- Help develop business cases, secure leadership sponsorship, and drive adoption and implementation of security projects and programs.
- Support the business in its compliance to Malaysia Risk Management in Technology (RMiT) or any other relevant regulatory guidelines/standards issued by the local regulator.
- Help formulate and facilitate the effective implementation of relevant technology risk/information security standards required by the respective regulators for the local entity.
- Ensure security projects and activities are prioritized based on risk to the business unit; work with leadership team to develop risk management program to ensure the confidentiality, integrity, and availability of information.
- Support anticipating, identifying, and deterring cyber-based attacks against the company and its business operations, employees, and subsidiaries.
- Provide support to central team developing threat response and risk mitigation plans, including input into scenarios that involve invoking countermeasures and containment strategies.
- Ensure security issues are addressed with timely, appropriate responses to minimize the impact to the Company, or its assets, customers or reputation.
- Monitor and evaluate risk performance metrics on key security issues and programs, recommend corrective action programs as appropriate, and drive remediation items to completion.
- Actively contribute to the matters being discussed at management committees where information security is an invitee or a member.
- Remain current on constantly emerging Cybersecurity and geopolitical threats to ensure continual protection of the Company’s assets, information and reputation.
What We're Looking For
- 15+ years of full-time related work experience in information security management and/or related functions (such as Technology Risk Management).
- At least 3 years holding a senior security leadership position at a company.
- Ability to communicate information security risks effectively in business terms to all levels of the organization.
- Trustworthy, proactive and takes leadership, with high standards of personal integrity.
- Knowledge of security metrics and Key Security Risk indicators and how to implement them.
- Ability to work locally without need for visa/work permit sponsorship.
Nice to Have
- Prior experience leading mid-size information security teams with a strong track record of success in complex environments.
- Experience in financial or insurance industry preferred, with an in-depth understanding of the relevant local regulatory requirements.
- Information security related certification such as SANS, ISC2, ISACA, ISO 27001 will be desirable.
- Typically, also possesses a background in technical IT roles such as security architecture, technology risk and governance or cyber security strategy - with an overarching information security oversight.
Work Mode
This is an onsite position based in Malaysia. Our culture values in-person collaboration as a vital part of our work environment.
AIG provides equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.
