Position Goal

To lead and mature National Banking Corporation Limited’s information security, governance, risk, and compliance functions in alignment with NBCL’s strategic transformation goals. This role ensures robust cybersecurity, regulatory compliance, and risk mitigation across all IT and business operations.

Key Responsibilities:

Information Security & Cybersecurity

• Develop and implement security strategies for systems, networks, and data centers.
• Maintain and update the Information Security Risk Register.
• Lead vulnerability assessments and ensure remediation of identified risks.
• Design and support the organization’s cybersecurity plan and architecture.
• Liaise with external security agencies and ensure secure information exchange.

Governance & Compliance

• Create and maintain IS-GRC policies, frameworks, and procedures.
• Lead compliance testing, attestations, and regulatory reviews (e.g., BPNG Prudential Standards).
• Ensure alignment of IT compliance with business objectives and legal requirements.
• Conduct training and awareness programs for IT compliance and cybersecurity.

Risk Management

• Identify, assess, and mitigate IT and cybersecurity risks.
• Collaborate with internal stakeholders to embed risk-aware practices.
• Monitor and report on risk trends and emerging threats.

Leadership & Strategic Alignment

• Build and develop the IS-GRC function and its visibility across the organization.
• Foster a security-aware culture through engaging education initiatives.
• Support NBC’s transformation strategy by integrating GRC into innovation efforts.

Qualifications and Experience

• Bachelor’s degree in IT, Information Security, Risk Management, or related field.
• 3–5 years in IS-GRC roles within banking or financial services.
• Certifications such as CISSP, CISM, CISA, ISO 27001 are highly desirable.
• Strong knowledge of regulatory frameworks (e.g., GDPR, PCI DSS, NIST, ISO 38500).
• Proven leadership, analytical, and communication skills.

Skills and abilities

• Strategic Thinking & Vision
• Information Security Expertise
• Governance & Compliance Leadership
• Risk Management Acumen
• Stakeholder Engagement & Communication
• Leadership & Team Development
• Project & Change Management
• Ethical Judgment & Integrity