Jobs

Salary
MVR 0+
Employment Type
Full-Time
Vacancies
1

Details

Salary and Benefits
MVR 0+
Successful candidates will be provided an attractive remuneration package, including fringe benefits, commensurate with their qualifications and experience.
Job Description

Overall Responsibility

The Executive Officer-Information Security will serve as the primary point of contact, with emphasis on coordination, compliance, and integrating security aspects into business processes.

This critical role involves acting as the central liaison between the CISO, the Information Security domain of the Parent Bank, and the regulatory bodies of the Maldives, ensuring that security and compliance requirements are met.

Key Tasks and Responsibilities

1. Requirements & Solution Definition

  • Security Architecture Review: Reviewing the security requirements for new systems, including encryption standards, authentication protocols, and access controls, in liaison with the parent bank.
  • Gap Analysis: Identifying the "as-is" security posture versus the "to-be" requirements to ensure new solutions meet corporate standards.
  • Security by Design: Collaborating with necessary IT Teams to integrate security features early in the development lifecycle.
  • Tool Selection: Evaluating and recommending security technologies (e.g., EDR, SIEM, DLP) that align with the organization's technical structure.

2. Internal Approval & Governance

  • Policy Development: Creating and maintaining the Information Security Policy and related internal security policies.
  • Security Committee Participation: Presenting business cases to the relevant steering committees on all matters coming under Information Security.
  • Change Management: Reviewing and informing the parent bank of any significant architectural changes to ensure they don't introduce new vulnerabilities.
  • Exception Handling: Managing the formal process for documenting and approving "security exceptions" when business needs outweigh a specific security control.

3. External Coordination & Vendor Liaison

  • Third-Party Risk Assessments (TPRA): Reviewing the security posture of vendors and cloud service providers before onboarding.
  • Contractual Review: Ensuring "Right to Audit" clauses and specific security requirements (like SOC2 or ISO 27001 compliance) are included in vendor contracts.
  • Threat Intelligence Sharing: Liaising with external bodies (like ISACs or CERTs) to stay informed about industry-specific threats.

4. Stakeholder Communication & Reporting

  • Executive Reporting: Creating high-level dashboards that communicate the organization's current risk posture.
  • Incident Response Communication: Acting as the primary point of contact during a breach to update stakeholders on containment and recovery efforts.
  • Security Awareness Training: Developing and delivering training programs to employees to foster a "security-first" culture.
  • Cross-Functional Alignment: Working with Legal, HR, and Privacy teams to ensure security initiatives don't conflict with other departmental goals.

5. Compliance & Risk Management

  • Risk Register Maintenance: Documenting identified risks, their potential impact, and the progress of mitigation efforts.
  • Audit Readiness: Preparing the organization for internal and external audits (e.g., SWIFT, PCI-DSS, MMA).
  • Regulatory Monitoring: Keeping track of new and evolving cybersecurity laws that might impact the business.
  • Data Privacy Coordination: Ensuring technical controls are in place to protect Personally Identifiable Information (PII).

6. Continuous Improvement in Information Security

  • KPI & KRI Tracking: Monitoring Key Performance Indicators (e.g., "Time to Detect") and Key Risk Indicators to measure security effectiveness.
  • Post-Incident Reviews: Conducting "lessons learned" sessions after security events to improve future response strategies.
  • Maturity Assessment: Periodically measuring the organization’s security maturity against frameworks like NIST CSF or ISO 27001.
  • Efficiency Optimization: Identifying redundant security tools or manual processes that can be automated to reduce costs and improve speed.

Qualifications and Requirements

  • Education: A Bachelor’s degree in Computer Science, Information Security, Cyber Security, or a related technical field is standard.
  • Experience: Proven hands-on experience of not less than 3 years in the Banking and Fintech field. Independent-level professional certifications will be an added qualification.
  • Citizenship: Maldivian Nationals only.

Skills and Attributes

  • Designing a long-term strategic roadmap that aligns all security initiatives with business growth.
  • Strong interpersonal and communication skills.
  • Deep understanding of emerging security technologies and how they can be leveraged to drive business growth.
  • Proven ability to manage multiple tasks and prioritize effectively in a dynamic environment.

Requirements and Qualifications

Minimum Experience
1 Year
Minimum Qualification
Bachelor’s Degree

Documents to Submit

Documents
  • Curriculum Vitae (CV)
  • National Identity Card
  • O'Level Educational Certificates
  • A'Level / Diploma Educational Certificates
  • Bachelor's Degree / Master's Certificate and Transcripts
  • Reference Letters

Other Information

Industries
  • Banking and financial service activities, except insurance and pension funding
Employment Type
  • Full-Time
Field of work
  • Information and Communication Technology (ICT)

Published Date
5 January 2026
Expiry Date
17 January 2026