Head of Cyber Security

Engineering

|

Full-Time

We’re looking for a Head of Cyber Security to keep our customer and business data safe and protect our systems from threats and vulnerabilities.
At Setel, we are obsessed with delivering a seamless and frictionless retail experience for our customers. We strongly believe that we can only deliver these amazing experiences for our customers and merchants when we drive a work culture that inspires innovation, rewards risk-taking, and celebrates success. If you live to solve hard problems, love proving out new technologies, and take pride in your deliverables, then we’d love to meet you!

In This Role You Will:

Provide leadership by setting the direction, strategy, deliverables, and operating model for all aspects of Setel cyber security function, reporting to the CTO.
Lead and champion Secure Software Development Lifecycle (SSDLC) and DevSecOps practice across our development and SRE teams.
Implement application security testing strategy not limited to static code review, black-box, and white-box vulnerability and penetration testing, and network security scans.
Liaise across the business units (Engineering, Product, Compliance, Operations, etc) to improve the overall security posture of the organisation.
Oversee the Security Operations Center (SOC) in proactively identifying and preventing threats, as well as reactively recovering from security incidents.
Oversee the Technology Risk Management Function (TRMF) that assesses and consolidates technology risks to help guide senior management risk and remediation decisions.
Ownership of the policies and procedures that comply with PCI-DSS and Bank Negara Malaysia RMIT frameworks.
Hire, grow and retain a team of security professionals and risk management team.
Define resource, training, and technology requirements to ensure the organisation is well-equipped with the necessary knowledge to put security as job zero.
Resource and budget planning to grow the cybersecurity organisation for Setel.

You’re a great fit if you have:

5+ years experience in cyber security, application security, information security or equivalent field.
Hands-on working knowledge in managing and delivering application security, security penetration testing, and/or vulnerability management services.
Hands-on experience with cloud technologies like AWS, GCP, Azure, and software development on the latest tech stacks eg Javascript, Python, React, etc.
Well-versed in cyber security frameworks, information security principles, architecture, and cryptography.
Hands-on experience with Application Security and Security Penetration Testing processes, technologies, and industry frameworks (eg OWASP\CREST\CVE\CVSS).
Experience working on either BNM RMIT or equivalent banking frameworks and/or PCI-DSS in technology risk management, security requirements, and governance.
Great verbal and written communication skills horizontally and vertically.
Experience working with a distributed team across multiple time zones.