
Merchant Bank of Sri Lanka & Finance PLC
We are a leading financial services provider in Sri Lanka with a rich financial history, being the country’s pioneer specialist in trade finance and investment banking. MBSL is listed on the Colombo Stock Exchange and is a finance company licensed by the Central Bank of Sri Lanka. As one of the most stable finance companies in the country, we provide a range of secure investments for our clients’ funds, together with financial support for the growth and development of their entire families.
We are seeking a Chief Information Security Officer (CISO), who will be responsible for managing the total information security of the Organization. This position offers an exciting opportunity to thrive in a dynamic environment and contribute to the success of our valued organization.
Responsibilities
+ Develop, manage and operationalize the information security strategy to provide security for all systems, networks and data, supporting the company’s operations.
+ Develop, implement and maintain Information Security policies, procedures, and control techniques that align with the company’s Information Security strategy.
+ Serve as the point of contact for the information security function of the company and provide leadership for information security-related projects.
+ Ensure legal and regulatory compliance and adherence to security best practices and guidelines.
+ Continuously monitor and evaluate the information security practices of the company.
+ Perform information security audits and risk assessments.
+ Ensure that all staff receive the appropriate level of information security awareness.
+ Communicate information security goals and new programmes effectively with other departments/stakeholders.
+ Management reporting on the effectiveness of the company’s information security programme, including the progress of remedial actions.
+ Coordinate with Risk Management and IT Functions of the company for smooth implementation of the information security activities.
+ Ensure that cyber hygiene is maintained within the organization and at third-party outsourced agencies.
Qualifications
+ A Master’s Degree from a recognized University in Information Security / Computer Science / Information Technology / Cybersecurity with 04 years of experience in a Senior/Chief Manager capacity OR a Bachelor’s Degree in a similar field with 06 years of experience in a similar capacity OR a Diploma/Professional Qualification with 08 years of experience in a similar capacity
+ Any of the formal certifications in Information Security is an added advantage
+ Ability to understand the business and provide solutions and expertise to maintain company information security at the highest levels
+ Excellent communication skills
+ Outstanding people management and interpersonal relationship skills
IMPORTANT: At least one of the below professional qualifications from the professional bodies of ISACA, ISC2, GIAC is mandatory if the candidate does not possess a Master’s degree in Information Security OR any Computer Science or IT related Master’s degree specialized in Information Security
+ CISSP – Certified Information Systems Security Professional (ISC2)
+ GSTRT – GIAC Strategic Planning, Policy and Leadership
+ GISP – GIAC Information Security Professional
+ CISA – Certified Information Systems Auditor (ISACA)
+ CISM – Certified Information Security Manager (ISACA)
+ CRISC – Certified in Risk & Information Systems Control (ISACA)