Chief Information Security Officer

  • Full Time
  • Colombo

Website Merchant Bank of Sri Lanka & Finance PLC

We are a leading financial services provider in Sri Lanka with a rich financial history, being the country’s pioneer specialist in trade finance and investment banking. MBSL is listed on the Colombo Stock Exchange and is a finance company licensed by the Central Bank of Sri Lanka. As one of the most stable finance companies in the country, we provide a range of secure investments for our clients’ funds, together with financial support for the growth and development of their entire family.

We are seeking a Chief Information Security Officer (CISO), who will be responsible for managing the total information security of the Organization. This position offers an exciting opportunity to thrive in a dynamic environment and contribute to the success of our valued organization.


+ Develop, manage and operationalize the information security strategy to provide security for all systems, networks and data, supporting the company’s operations.

+ Develop, implement and maintain Information Security policies, procedures, and control techniques that align with the company’s Information Security strategy.

+ Serve as the point of contact for the information security function of the company and provide leadership for information security-related projects.

+ Ensure legal and regulatory compliance and adherence to security best practices and guidelines.

+ Continuously monitor and evaluate the information security practices of the company.

+ Perform information security audits and risk assessments.

+ Ensure that all staff receive the appropriate level of information security awareness.

+ Communicate information security goals and new programmes effectively with other departments/stakeholders.

+ Management reporting on the effectiveness of the company’s information security programme, including the progress of remedial actions.

+ Coordinate with Risk Management and IT Functions of the company for smooth implementation of the information security activities.

+ Ensure that cyber hygiene is maintained within the organization and third-party outsourced agencies.


+ A Master’s Degree from a recognized University in Information Security / Computer Science / Information Technology / Cybersecurity with 04 years of experience in a Senior/Chief Manager capacity OR a Bachelor’s Degree in a similar field with 06 years of experience in a similar capacity OR a Diploma/Professional Qualification with 08 years of experience in a similar capacity

+ Any of the formal certifications in Information Security is an added advantage

+ Ability to understand the business and provide solutions and expertise to maintain company information security at the highest levels

+ Excellent communication skills

+ Outstanding people management and interpersonal relationship skills

IMPORTANT: At least one of the below professional qualifications from the professional bodies of ISACA, ISC2, GIAC is mandatory if the candidate does not possess a Master’s degree in Information Security OR any Computer Science or IT related Master’s degree specialized in Information Security.

+ CISSP – Certified Information Systems Security Professional (ISC2)

+ GSTRT – GIAC Strategic Planning, Policy and Leadership

+ GISP – GIAC Information Security Professional

+ CISA – Certified Information Systems Auditor (ISACA)

+ CISM – Certified Information Security Manager (ISACA)

+ CRISC – Certified in Risk & Information Systems Control (ISACA)

To apply for this job email your details to
