Manager, Business Information Security Officer

About FWD Group

FWD Group is a pan-Asian life and health insurance business that serves approximately 30 million customers across 10 markets, including BRI Life in Indonesia. FWD’s customer-led and digitally enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance.

For more information, please visit www.fwd.com

About FWD Takaful Berhad

FWD Takaful Berhad (“FWD Takaful”) is a takaful provider in Malaysia that offers family takaful services. FWD Takaful is licensed under the Islamic Financial Services Act 2013 and is regulated by Bank Negara Malaysia. FWD Takaful is a takaful business unit of FWD Group.

Visit https://www.fwd.com.my

Join us

We’re proud to be a company that encourages and nurtures fearless innovation in achieving our vision of changing the way people feel about takaful. Our teams come from a wide variety of industries and backgrounds because we value developing a truly diverse pool of talent that brings different perspectives and experiences. Our values – committed, innovative, proactive, open, and caring – define who we are and what we do as we work together to bring our vision to life, every single day.

KEY ACCOUNTABILITIES

• Lead Business IT Security, with the support of the local IT Team, IT Security Teams and Group IT Security.
• Define and maintain a Local Business Unit IT Security Program, to perform continuous improvement on the Business Unit security posture.
• Drive local Business Unit IT Security Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement.
• Coordinate Group IT Security Initiatives rollout in country.
• Support the preparation of IT Security Metrics and Risk Mapping, along with the resolution of deficiencies identified on those Metrics.
• Drive awareness and support to Group IT Security, Group IT and the Business Unit IT, to understand the IT Security Solutions and Processes, as well as their implications across the organization.
• Work closely with the Head of IT and Group CISO, through tracking and reporting function, to ensure regular updates to management on the IT Security Program and risks.
• Advise and review IT Application Risk Assessment and other Technology/IRM related risk assessment to evaluate risk rating, controls and corrective action in existing system and new project/system/application implementation
• Review IT risk register and IT Key Control Self-Assessment (new) performed by business units  
• Facilitate, consolidate and reporting on Quarterly Technology Risk Report, Quarterly Risk Report & Monthly Risk Report (IRM section) for Group, Compliance & Operational Risk Committee (CORC) and Board Risk Committee (BRC) 
• Maintain and oversee implementation of Technology Risk Governance policies i.e. Data Governance Policy, Technology Risk Management Standard, Information Classification & Handling Standard and related documents
• Support in implementation of the overall risk management process for the organization and actively engage in risk remediation planning, resolution, and monitoring activities including risk acceptance.

QUALIFICATIONS / EXPERIENCE

• Minimum 8 years working experience in IT Security Management role, preferably in Financial Services.
• Business IT Security leadership experience.
• Certification on CISSP / CRISC is preferred.
• Degree from Information Technology or equivalent discipline.

KNOWLEDGE & TECHNICAL SKILLS

• Excellent knowledge of overall IT Security domains.
• Experience on multicultural virtual/distributed team coordination and communication.
• Ability to define, prioritize and execute process in a precise and structured manner.
• Excellent communication, presentation and influencing skills.
• Insurance Business general knowledge