Information Technology Security Manager

The IT Security Manager supports the Head of IT Security in driving governance, risk management, and cyber defence initiatives to safeguard Maybank’s technology landscape.

Responsibilities:-

1. IT Security Assessments

• Perform technical security assessments across infrastructure, applications, and cloud environments.
• Provide expert guidance on security architecture and cloud security best practices.
• Evaluate systems to ensure compliance with security requirements and industry standards.

2. IT Security Governance

• Review and enforce IT security standards, procedures, and policies.
• Assess IT practices to ensure alignment with security frameworks and regulatory requirements.
• Maintain adherence of security processes and recommend improvements.

3. IT Security Technologies

• Manage and operate various security tools and platforms, including but not limited to:
• Breach and Attack Simulation (BAS)
• Control Validation Tools
• Active Directory Security (AD)
• Endpoint Detection and Response (EDR)
• Data Loss Prevention (DLP)
• Network Detection and Response (NDR)
• Provide technical expertise on the deployment, integration, and optimisation of security solutions.

4. IT Security Program Management

• Lead key security projects and initiatives from planning to execution.
• Act as the point of contact for security tool deployments and technology rollouts.
• Organise and execute cybersecurity exercises, including training and awareness programs for stakeholders.
• Ensure effective stakeholder engagement across departments.

5. Remediation Management

• Lead critical remediation programs to strengthen the organisation’s security posture.
• Plan, strategize, and implement corrective actions based on risk assessments and security findings.
• Collaborate with cross-functional teams to drive timely resolution of identified security gaps.

Requirements:

• Bachelor’s degree in a relevant field with at least 7 years of experience in IT security compliance and governance.
• Mandatory: CISSP certification
• Preferred: CISM, CISA, SANS, OSCP (highly regarded).
• Strong knowledge of IT security concepts, best practices, and regulatory requirements.
• Familiarity with the current cyber threat landscape, including Cyber Defence, MITRE ATT&CK, and threat-control mapping methods.
• Deep understanding of attack methodologies and defines strategies using IT security tools and products.
• Experience in secure systems development lifecycle (SDLC) assessments and security testing before deployment.
• Hands-on experience conducting cybersecurity assessments, gap analyses, and cyber drills.
• Ability to develop strategic security roadmaps and deliver comprehensive assessment reports with actionable recommendations.
• Extensive experience with certification and audit processes, including systems compliance best practices.
• Knowledge of application security and data analytics is an advantage.
• Strong communication and collaboration skills, with experience working in cross-functional teams.

Only shortlisted candidate will be notified.