Regional Cyber Risk and Controls Manager – VP

We are seeking a highly skilled and experienced cybersecurity professional to join our team as a Vice President (VP) level Cybersecurity Risk and Controls Manager. In this role, you will be responsible for managing risk for APAC region and be SME in multiple domain including Identity and Access, Network security, Data security, Third Party Risk and Cyber Incident Management. You will be representing APAC at global governance forums and provide cybersecurity expertise and insights to key stakeholders within the region. You will also be overseeing State Street entities and our Joint Ventures in the region, analyzing cyber risk, meeting Regional regulatory requirements and assessing key metrics to drive continuous uplift and risk mitigation. You will be collaborating with Security Operations Centers (SOC) to respond to security incidents, identifying and supporting simulation exercises, implementing containment measures in response to audit findings or self-identified issues, supporting vulnerability discoveries through rigorous testing and participating in specialized projects.

Job Description

• Measure and Report Risk: Assess and report risk posture for APAC region, including countries risk committees and legal entities utilizing our existing frameworks, metrics, key updates, projects, incidents etc.

• Global Governance Meetings: Attend and present at global governance forum meetings to represent regional interests. Build relationship with senior leadership to shape the organization’s cybersecurity strategy, align it with corporate goals, and ensure compliance with relevant regulations and standards.

• Regulatory: Have direct and relevance experience in working with Regional regulators (MAS, HKMA, APRA, JFSA, NFRA etc.) and deep understanding of individual regulatory requirements to ensure compliance. Representing the bank at various Regulatory forums and working groups.

• Analyze Metrics and Drive Improvement: Identify and implement metrics and key risk indicators (KRIs) to measure the effectiveness of cybersecurity controls, incident response capabilities, and vulnerability management processes. Analyze data and drive continuous improvement initiatives to align with corporate standards and industry best practices.

• Trusted Advisor: Build strong relationship with key stakeholders regionally and globally (Business, Technology, Cyber, Risk, Audit etc.) and collaborate with control owners to ensure regional requirements are met, both from Regulatory and risk management perspective.

• Joint Ventures in APAC: Oversee cybersecurity aspects of joint ventures. Collaborate with internal and external stakeholders to ensure the alignment of cybersecurity controls, incident response procedures, and metrics monitoring governance process aligned to the enterprise.

• Security Incident Response: Collaborate with the global SOC team to promptly respond to security incidents, investigate root causes, and develop effective remediation strategies. Act as a subject matter expert in cyber incident response, ensuring timely and accurate communication with key stakeholders. Working seamlessly with 2LoD, Compliance to ensure any Regulatory needs are catered for.

• Cyber Simulation Exercises: Identify and support cyber simulation exercises to assess the effectiveness of our cybersecurity controls and incident response capabilities across the APAC region. Coordinate with internal teams, global stakeholders and external vendors to conduct realistic exercises that simulate real-world cyber threats and evaluate the organization's readiness to handle such incidents.

• Audit and Self-Identified Issues: Take ownership of containment measures and remediation plans in response to internal and external audits, as well as self-identified security issues. Work closely with cross-functional teams to identify vulnerabilities, implement necessary controls, and ensure compliance with relevant regulations and standards.

• Vulnerability Management: Drive continuous improvement by working closely with vulnerability teams who analyse systems, applications, and infrastructure. Collaborate with IT teams to prioritize and remediate vulnerabilities in a timely manner. Ensure accurate metrics for vulnerability scanning, penetration testing, patch management, code scans etc.

• Specialized Projects: Participated in specialized cybersecurity projects such as the implementation of advanced threat detections systems, development of secure software development life cycle (SDLC), enhancement of data loss prevention (DLP) rules. Provide matter expertise and guidance throughout APAC Data Centre migration and workforce integration involved with joint ventures.

Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field. Advanced degree preferred.
• Two or more Professional Certifications required (e.g. CISA, CISM, CISSP, CRISC, CCSK, AWS, Azure)
• Minimum of 10 years of experience in cybersecurity, with deep technical understanding of two or more domains – Identity and Access Management, Data Protection, Network security, System Security, Application Security, Cloud Security, Security Operations (e.g. Incident Management)
• Strong understanding of cybersecurity frameworks, standards, and best practices.
• Working knowledge of Technology regulatory frameworks within the Region (MAS TRMG, HK CRAF, APRA CPS 234 etc.)
• Proficiency in assisting with cybersecurity incident response and investigations.
• Experience in developing and conducting cyber simulation exercises.
• In-depth knowledge of vulnerability management processes, tools, and techniques.
• Familiarity with security auditing, risk assessment, and compliance frameworks.
• Strong understanding of network security, firewalls, IDS/IPS, SIEM, and other security technologies.
• Demonstrated leadership skills, with the ability to work independently and collaborate effectively with cross-functional teams and senior management.
• Ability to interface with key stakeholders and operate at various levels of seniority as an individual contributor and/or Manager
• Excellent written and verbal communication skills, with the ability to articulate complex cybersecurity issues to both technical and non-technical stakeholders.
• Strong analytical and problem-solving abilities, with a focus on driving continuous improvement and innovation.

State Street's Speak Up Line