Posted: 6/2/2025, 5:00:00 PM
Location(s): Petaling Jaya, Selangor, Malaysia ⋅ Selangor, Malaysia
Experience Level(s): Senior
Field(s): IT & Security
If you are looking to excel and make a difference, take a closer look at us…
Job Overview:
We are seeking a highly experienced and strategic Defense Management Lead to spearhead our comprehensive security operations. This pivotal role will be responsible for overseeing and optimizing our vulnerability management, security governance, system security, and security advisory functions. The ideal candidate will be a proven leader with deep technical expertise across various security domains, exceptional organizational skills, and a strong commitment to enhancing our overall security posture.
Your Key Responsibilities:
1. VAPT (Vulnerability Assessment & Penetration Testing) Team Management:
Lead, mentor, and manage a team of VAPT specialists, fostering a culture of continuous improvement and technical excellence.
Develop, implement, and mature the VAPT program, including scope definition, methodology, tool selection, and reporting.
Oversee the execution of regular vulnerability assessments and penetration tests across applications, infrastructure, and networks.
Prioritize and track remediation efforts for identified vulnerabilities, collaborating with relevant teams to ensure timely resolution.
Stay abreast of emerging threats, vulnerabilities, and attack techniques to enhance VAPT strategies.
2. Security Governance:
Establish and maintain robust security governance frameworks, policies, standards, and procedures in alignment with industry best practices (e.g., ISO 27001, NIST, internal compliance requirements).
Lead and facilitate security audit assessments (internal and external), ensuring compliance with regulatory and organizational requirements.
Manage and conduct OSP (Outsourced Service Provider) security reviews, including due diligence and ongoing monitoring of third-party security posture.
Oversee the vendor security management program, assessing security risks posed by third-party vendors and ensuring appropriate controls are in place.
Provide governance and oversight over the security posture of all security components and solutions deployed within the organization.
3. System Security:
Manage and optimize endpoint security solutions (e.g., EDR, antivirus), ensuring comprehensive protection across all devices.
Oversee the lifecycle management of SSL/TLS certificates, ensuring timely renewals and proper implementation.
Develop and implement strategies for encrypting data at rest and in transit across various systems.
Define and enforce hardening standards for operating systems, applications, and network devices.
Manage and secure file sharing mechanisms, ensuring data integrity, confidentiality, and access control.
4. Security Advisory, Architecture & Project Office:
Act as a primary security advisor to business units and technology teams, providing expert guidance on security best practices, risk mitigation, and architectural design.
Contribute to the development and evolution of the overall security architecture, ensuring alignment with business objectives and the threat landscape.
Lead the security project office function, managing the lifecycle of security-related projects from initiation to closure.
Define project scopes, objectives, resource requirements, timelines, and budgets for security initiatives.
Monitor project progress, identify and mitigate risks, and ensure successful delivery of security projects.
Jobholder Requirements:
Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred.
8+ years of progressive experience in information security.
In-depth knowledge of security governance frameworks (ISO 27001, NIST, etc.) and experience with audit management.
Strong understanding of system security principles, including endpoint security, encryption, hardening, and data protection.
Experience in security architecture and providing security advisory services.
Demonstrated success in managing security projects and programs.
Relevant industry certifications such as CISSP, CISM, OSCP, CEH, or equivalent are highly desirable.
Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex security concepts to technical and non-technical audiences.
Strong analytical and problem-solving abilities, with a keen eye for detail.
Ability to work effectively in a fast-paced and dynamic environment.
What’s next:
Once you’ve applied online, our team will carefully review your application. Due to a high volume of applications, we appreciate your patience to allow for a fair and timely review process.
Should you be shortlisted for the role, we will send you an invitation via email for an interview. You can also check on your application status by logging into your candidate account.
About Hong Leong Bank
We are a leading financial institution in Malaysia backed by a century of entrepreneurial heritage. Providing comprehensive financial services guided by a Digital-at-the-Core ethos has earned us industry recognition and accolades for our innovative approach in making banking simpler and more effortless for our customers. Our digital and physical offerings span across a vast nationwide network in Malaysia, strengthened with an expanding regional presence in Singapore, Hong Kong, Vietnam, Cambodia, and China.
We seek to strike a balance between diversity, inclusion and merit to achieve our mission of infusing diversity in thinking and skillsets into our organisation. Candidates are assessed based on merit and potential, in line with our mission to attract and recruit the best talent available. Expanding on our “Digital at the Core” ethos, we are progressively digitising the employee journey and experience to provide a strong foundation for our people to drive life-long learning, achieve their career aspirations and grow talent from within our organisation.
Realise your full potential at Hong Leong Bank by applying now.
Website: https://hlb.com.my/
Headquarter Location: Kuala, Kalimantan Barat, Indonesia
Employee Count: 251-500
Year Founded: 1905
IPO Status: Public
Industries: Banking ⋅ Credit ⋅ Financial Services ⋅ Wealth Management