Director, GT-TSS, VAPT MY (Head of Vulnerability Assessment and Penetration Testing (VAPT))
Malaysia
CIMB
CIMB Group is the leading ASEAN Universal Bank and home for all your personal and business financial needs. Know more about our group here.
Job Summary
The Head of Vulnerability Assessment and Penetration Testing is responsible for leading and managing CIMB's vulnerability assessment and penetration testing efforts to identify, assess, and mitigate security vulnerabilities across applications, networks, and infrastructure. This role will develop testing methodologies, oversee intelligence-led penetration testing engagements, and collaborate with key stakeholders to strengthen the Bank's security posture. The ideal candidate will have extensive experience in ethical hacking, security assessments, vulnerability management, and penetration testing methodologies.
Key Responsibilities
Develop and implement a comprehensive vulnerability assessment and penetration testing program to proactively assess security weaknesses.
Lead internal and external security testing engagements, including web applications, network infrastructure, and cloud and AI environments.
Oversee intelligence-led penetration tests, adversary simulation, and threat emulation exercises.
Conduct regular vulnerability assessments and work closely with Security Operations, DevSecOps, IT, and engineering teams to remediate identified vulnerabilities effectively.
Establish and maintain security testing standards, methodologies, and reporting procedures.
Monitor emerging threats, attack techniques, and vulnerabilities to enhance testing methodologies.
Ensure compliance with industry security standards and regulatory requirements such as BNM RMIT, NIST, OWASP, PCI-DSS, and ISO 27001.
Develop executive reports, dashboards, and presentations to communicate findings, risks, and remediation strategies.
Manage relationships with third-party security testing vendors and partners.
Foster a culture of security awareness, ethical hacking, and continuous improvement within the Bank.
Qualifications & Experience
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
10+ years of experience in cybersecurity, with a strong focus on vulnerability assessment, penetration testing, and ethical hacking.
Expert-level knowledge of vulnerability scanning and penetration testing tools and frameworks (e.g., Nessus, Burp Suite, Qualys, Metasploit, Nmap, Kali Linux).
Hands-on experience with intelligence-led penetration testing, adversary emulation, and social engineering tactics.
Strong understanding of application security, network security, and cloud security.
Proficiency in scripting and automation (Python, PowerShell, or Bash) to enhance testing capabilities.
Experience with threat modeling, exploit development, and attack simulations.
Strong leadership skills with the ability to manage and mentor a team of security professionals.
Relevant certifications such as OSCP, OSCE, GPEN, GXPN, CISSP, or CISM are highly desirable.
Experience in developing custom exploits or discovering original vulnerabilities will be an added advantage.
#LI-AZ1