Head, Cyber Risk Management

Create your future with Affin! You too can make a difference.

Join us at AFFIN, where open minds meet and are inspired by a shared commitment to great work. Here, you don’t just stay at the forefront of the industry – you can make a difference too.

Job Purpose

To lead and oversee the Cyber Risk Management unit under Group Technology Risk Management (GTRM), serving as the Second Line of Defense (2LOD) in providing independent risk oversight on Group Technology (GT), which operates as the First Line of Defense (1LOD).

The role is responsible for ensuring that technology and cyber risks across the Group are appropriately identified, assessed, monitored, and mitigated in compliance with internal risk governance frameworks and regulatory requirements, including Bank Negara Malaysia (BNM), Securities Commission Malaysia (SC), and Bursa Malaysia.

Key Responsibilities

1. Cyber Risk Oversight & Governance

  • Lead the independent oversight of cyber and technology risks across the Group in line with the Bank’s Enterprise Risk Management Framework.
  • Establish and maintain cyber risk management policies, standards, and frameworks aligned to regulatory expectations and industry best practices.
  • Provide effective advisory to the First Line (Group Technology) on risk identification, mitigation plans, and control effectiveness.

2. Regulatory Compliance & Engagement

  • Ensure full compliance with regulatory requirements, including BNM Risk Management in Technology (RMiT), SC guidelines, and Bursa requirements.
  • Act as the central coordination point for regulatory reviews, audits, and submissions relating to cyber and technology risk.
  • Monitor regulatory developments and ensure timely implementation of new requirements across the Group.

3. Risk Assessment & Monitoring

  • Oversee the execution of cyber risk assessments, including IT risk assessments, vulnerability management oversight, and cyber resilience reviews.
  • Review and challenge risk and control self-assessments (RCSAs), key risk indicators (KRIs), and risk reporting provided by the First Line.
  • Ensure material risks are escalated appropriately to senior management and relevant governance committees.

4. Incident Oversight & Cyber Resilience

  • Provide oversight of major cyber incidents and ensure appropriate escalation, response, and post-incident review.
  • Assess the adequacy of incident response, disaster recovery, and business continuity plans from a cyber risk perspective.
  • Ensure lessons learned from incidents are embedded into risk mitigation strategies.

5. Stakeholder Management & Advisory

  • Serve as a trusted risk advisor to Group Technology, senior management, and business units on cyber risk matters.
  • Engage with internal stakeholders including Compliance, Internal Audit, and Business Units to ensure a coordinated risk management approach.
  • Present cyber risk insights, issues, and recommendations to senior management committees (e.g., Risk Management Committee, Board-level committees).

6. Team Leadership & Capability Building

  • Lead, develop, and mentor the Cyber Risk Management team to ensure strong technical and risk management capabilities.
  • Drive a culture of risk awareness and accountability across the organisation.
  • Ensure adequate resources, tools, and skillsets are in place to support the evolving cyber risk landscape.

Job Requirements

Academic & Professional Qualifications

  • Bachelor’s Degree in Information Security, Cybersecurity, Computer Science, Risk Management, or related discipline.
  • Professional certifications are highly preferred (e.g., CISSP, CISM, CRISC, CISA, or equivalent).

Experience

  • Minimum 8 years of relevant experience in cyber risk, technology risk, or IT security, preferably within the financial services industry.
  • Proven experience in a leadership role managing cyber risk or technology risk functions.
  • Strong familiarity with regulatory requirements such as BNM RMiT, SC guidelines, and Bursa Malaysia expectations.

Technical & Functional Competencies

  • Strong understanding of cyber risk frameworks, IT governance, and security controls.
  • Experience in risk assessment methodologies, cyber threat landscape, and incident management oversight.
  • Ability to challenge technical stakeholders and provide independent risk perspectives.

Behavioural Competencies

  • Strong leadership and stakeholder management skills, with the ability to influence across all levels of the organisation.
  • High level of integrity, professionalism, and sound judgement.
  • Strong analytical thinking, decision-making, and problem-solving capabilities.
  • Effective communication and presentation skills, particularly at senior management and Board level.