2026 Market Insights & Salary Guide
Explore the latest hiring trends and in-demand skills shaping the employment landscape in 2026 to guide your hiring strategies or job search.
- Posted 24 February 2026
- SalaryNegotiable
- LocationKuala Lumpur
- Job type Permanent
- DisciplineBanking & Financial Services
- Reference426112_1771915317
Back to jobs
VP2, Technology Governance & Assurance
Job description
Key Responsibilities
- Partner with senior management team to develop, enhance, and maintain information security governance frameworks, including policies, standards, and procedures.
- Lead technology risk management and security compliance reviews, assessing alignment against regulatory requirements and industry best practices.
- Manage regulatory engagement and communications on security matters, including tracking issues and driving remediation to closure.
- Oversee information security policy management, security controls, and compliance deviation assessments.
- Conduct IT security risk assessments for applications and infrastructure projects, including preparation of risk acceptance materials for governance committees.
- Provide security advisory and consultancy on new business initiatives, emerging technologies, and solution designs.
- Review and drive secure architecture and secure-by-design principles across systems and platforms.
- Lead information security due diligence assessments for key outsourcing and third-party service providers.
- Design and roll out security awareness and education programmes, tracking effectiveness and targeted follow-ups.
Requirements
- Bachelor's degree in Computer Science, Engineering, Information Systems, or a related discipline.
- 10-15 years of experience in information security, technology risk, or IT governance, with at least 5 years in hands-on security governance and risk assessment within the financial services industry.
- Broad understanding of IT and cybersecurity domains, including security controls, application and infrastructure environments, vendor and outsourcing risk, IT audit, governance, and business continuity.
- Solid knowledge of regulatory and security standards, such as BNM RMiT, MAS TRM, PayNet, PCI-DSS, and related frameworks.
- Professional certifications are highly desirable (e.g. CISSP, CISM, CRISC, CISA, CEH, ITIL, PMP).
- Strong stakeholder engagement skills, with the ability to work effectively across business, technology, and regulatory bodies