Regional Cyber Risk and Controls Manager - VP

We are seeking a highly skilled and experienced cybersecurity professional to join our team as a Vice President (VP) level Cybersecurity Risk and Controls Manager. In this role, you will be responsible for managing risk for APAC region and be SME in multiple domain including Identity and Access, Network security, Data security, Third Party Risk and Cyber Incident Management. You will be representing APAC at global governance forums and provide cybersecurity expertise and insights to key stakeholders within the region. You will also be overseeing State Street entities and our Joint Ventures in the region, analyzing cyber risk, meeting Regional regulatory requirements and assessing key metrics to drive continuous uplift and risk mitigation. You will be collaborating with Security Operations Centers (SOC) to respond to security incidents, identifying and supporting simulation exercises, implementing containment measures in response to audit findings or self-identified issues, supporting vulnerability discoveries through rigorous testing and participating in specialized projects.

Job Description

• Measure and Report Risk : Assess and report risk posture for APAC region, including countries risk committees and legal entities utilizing our existing frameworks, metrics, key updates, projects, incidents etc.
• Global Governance Meetings : Attend and present at global governance forum meetings to represent regional interests. Build relationship with senior leadership to shape the organization's cybersecurity strategy, align it with corporate goals, and ensure compliance with relevant regulations and standards.
• Regulatory : Have direct and relevance experience in working with Regional regulators (MAS, HKMA, APRA, JFSA, NFRA etc.) and deep understanding of individual regulatory requirements to ensure compliance. Representing the bank at various Regulatory forums and working groups.
• Analyze Metrics and Drive Improvement : Identify and implement metrics and key risk indicators (KRIs) to measure the effectiveness of cybersecurity controls, incident response capabilities, and vulnerability management processes. Analyze data and drive continuous improvement initiatives to align with corporate standards and industry best practices.
• Trusted Advisor : Build strong relationship with key stakeholders regionally and globally (Business, Technology, Cyber, Risk, Audit etc.) and collaborate with control owners to ensure regional requirements are met, both from Regulatory and risk management perspective.
• Joint Ventures in APAC : Oversee cybersecurity aspects of joint ventures. Collaborate with internal and external stakeholders to ensure the alignment of cybersecurity controls, incident response procedures, and metrics monitoring governance process aligned to the enterprise.
• Security Incident Response : Collaborate with the global SOC team to promptly respond to security incidents, investigate root causes, and develop effective remediation strategies. Act as a subject matter expert in cyber incident response, ensuring timely and accurate communication with key stakeholders. Working seamlessly with 2LoD, Compliance to ensure any Regulatory needs are catered for.
• Cyber Simulation Exercises : Identify and support cyber simulation exercises to assess the effectiveness of our cybersecurity controls and incident response capabilities across the APAC region. Coordinate with internal teams, global stakeholders and external vendors to conduct realistic exercises that simulate real-world cyber threats and evaluate the organization's readiness to handle such incidents.
• Audit and Self-Identified Issues : Take ownership of containment measures and remediation plans in response to internal and external audits, as well as self-identified security issues. Work closely with cross-functional teams to identify vulnerabilities, implement necessary controls, and ensure compliance with relevant regulations and standards.
• Vulnerability Management : Drive continuous improvement by working closely with vulnerability teams who analyse systems, applications, and infrastructure. Collaborate with IT teams to prioritize and remediate vulnerabilities in a timely manner. Ensure accurate metrics for vulnerability scanning, penetration testing, patch management, code scans etc.
• Specialized Projects : Participated in specialized cybersecurity projects such as the implementation of advanced threat detections systems, development of secure software development life cycle (SDLC), enhancement of data loss prevention (DLP) rules. Provide matter expertise and guidance throughout APAC Data Centre migration and workforce integration involved with joint ventures.

Qualifications