Job Summary

The Head of Security Operations is a pivotal leadership role responsible for overseeing and directing all aspects of the bank’s IT security operational posture. Lead a dedicated team to manage security operations, drive continuous improvement, and align security capabilities with evolving business and regulatory requirements.

Key Responsibilities:

• Security Operations Management:

o Lead and manage the daily operations of all security appliances and equipment, including but not limited to Firewalls (across all tiers/segments), Web Application, Firewalls (WAF), Endpoint Detection and Response (EDR) solutions (e.g., FireEye), Intrusion Prevention Systems (IPS), and Network Access Control (NAC) systems.

o Ensure optimal performance, availability, and configuration of all managed security components.

• Compliance and Maintenance:

o Responsible for all compliance-related matters pertaining to security operations ensuring adherence to internal policies, industry best practices, and regulatory guidelines (e.g., Bank Negara Malaysia’s RMiT).

o Oversee and ensure timely execution of patching, firmware upgrades, and vulnerability remediation across all security infrastructure.

• Strategic Planning and Design:

o Lead the planning and execution of security technology refresh initiatives, ensuring systems remain current, secure, and performant.

o Drive the design and architecture of new security solutions and enhancements to existing controls.

• Technology Innovation and Proposal:

o Actively research, evaluate, and propose the adoption of new and emerging security technologies to enhance the bank’s security posture.

o Prepare comprehensive technical and business proposals for new security initiatives.

• Cross-Functional Collaboration:

o Collaborate closely with respective IT teams (e.g., Network, Database, Application, IT Risk) and business units to proactively identify and address security concerns and operational challenges.

o Act as a key liaison between Security Operations and other IT departments.

• Change Validation and Quality Assurance:

o Responsible for rigorously validating all security-related changes and configurations before their implementation in production environments, ensuring minimal risk and adherence to change management policies.

• Security Monitoring and Incident Response:

o Ensure that alerts generated from security components are promptly triaged, investigated, and acted upon, aligning with incident response procedures.

o Contribute to the continuous improvement of security monitoring and alerting capabilities.

• Financial Management:

o Manage the operational expenditure (OPEX) and capital expenditure (CAPEX) budgets for Security Operations, ensuring optimal resource allocation and cost-efficiency.

• People Management and Development:

o Lead, mentor, and develop a high-performing team of security operations professionals.

o Foster a culture of continuous learning, professional growth, and security awareness within the team.

o Conduct performance reviews and manage career development plans for team members.

• Reporting and Communication:

o Prepare and present regular performance reports, dashboards, and strategic updates on security operations to senior management, including the Head of Infrastructure, Operations & Services, and Head of Security.

o Ensure clear and concise communication of security posture, risks, and achievements.

• Service Improvement:

o Drive continuous service improvement initiatives within Security Operations, enhancing efficiency, effectiveness, and responsiveness.

o Implement automation and orchestration where feasible to streamline security processes.

Qualifications & Experience:

• Bachelor’s Degree in Computer Science, Information Technology, Cybersecurity, or a related field. Master’s degree is a plus.
• Relevant professional certifications such as CISSP, CISM, GSEC, CCNP Security, Fortinet NSE 4+, Palo Alto PCNSE, or equivalent are highly desirable.
• Minimum of 1ti-1ti years of progressive experience in IT infrastructure and security roles, with at least 5-7 years in a dedicated security operations management capacity, preferably within the financial services industry.
• Proven hands-on experience and in-depth knowledge of managing and operating a wide range of security technologies and appliances (e.g., Firewalls, WAF, IPS/IDS, Endpoint Security, NAC, SIEM integration).
• Strong understanding of network protocols, operating systems (Linux/Unix, Windows), and cloud security principles.
• Demonstrable experience in security architecture, design, and technology refresh planning.
• Solid understanding of IT governance, risk management, and compliance frameworks (e.g., ISO ti7titi1, NIST, BNM RMiT, PCI DSS).
• Experience in managing OPEX/CAPEX budgets.

Skills & Attributes:

• Exceptional leadership and people management skills, with the ability to motivate and develop a diverse team.
• Strong analytical and problem-solving abilities, capable of dissecting complex security issues.
• Excellent communication, presentation, and interpersonal skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders (including senior management).
• Proactive, results-oriented, and able to thrive in a fast-paced, high-pressure environment.
• High level of integrity and a strong sense of accountability.
• Ability to work collaboratively across multiple departments and with external vendors.