Job Description

If you are looking to excel and make a difference, take a closer look at us…

As a strategic leader in the Application Security and Access Management team, you will oversee the bank’s security framework to safeguard critical financial systems. Shifting from operations to strategic governance, you will manage identity management, database security, and user access lifecycles, enforcing the "Need-to-Know" principle across privileged accounts and third-party integrations. You will ensure strict compliance with regional regulatory standards—including BNM RMiT, PCI DSS, and PDPA—across Malaysia, Vietnam, Cambodia, Singapore, and Hong Kong. Act as a key gatekeeper for project implementations and User Acceptance Testing (UAT), while maintaining data sovereignty through log monitoring and exposure management. Additionally, you will drive proactive risk management by leading Risk and Control Self-Assessments (RCSA) and automating User Access Matrix (UAM) reviews. Collaborating with cross-functional stakeholders, you will mitigate application-layer threats and maintain meticulous audit trails to protect the bank from insider and outsider risks.

Responsibilities:

Functional:

• Access Governance Establish and govern a comprehensive access control baseline by reviewing and granting access authorities based on approved User Access Matrices (UAM). Ensure strict adherence to the Principle of Least Privilege across all environments and critical systems.
• Privileged Access Enforce strict governance over super-user and privileged accounts by ensuring IDs are split, lodged securely, and that all usage is properly documented, controlled, and reviewed to prevent abuse of administrative powers.
• Compliance Act as the primary coordinator for the periodic review of User Access Matrix (UAM)and User ID listings with Business Owners/Departments to ensure ongoing compliance. Execute annual Security Risk and Control Self-Assessments (RCSA) to identify gaps and enforce control effectiveness.
• Audit Drive audit readiness by acting as a point of contact for all internal and external IT security audits and regulatory reviews (including BNM, HKMA, and MAS), ensuring the bank demonstrates high maturity levels and audit readiness at all times. Drive the end-to-end audit lifecycle including PCI-DSS and PwC engagements by coordinating evidence collection, justifying control effectiveness, and tracking all findings to verified closure to minimize compliance risks.
• Projects & Change Enable strategic IT security integration by participating in IT and Business project meetings. Conduct security reviews, risk assessments, and review User Acceptance Testing (UAT) to ensure all deliverables meet necessary security requirements with proper sign-off before deployment.
• Housekeeping Ensure a timely deletion and housekeeping of resigned, dormant, or unused user IDs based on HR cessation notifications to minimize the attack surface.
• Documentation Proactively maintain and modernize the team's operational manuals, security checklists, and "How-to" guides to ensure tasks are executed with 100% consistency and accuracy. Regularly review these procedures to ensure they remain strictly compliant with the latest BNM guidelines, regional outsourcing requirements, and internal security policies.
• Operations Drive operational excellence by leading daily huddles and weekly cadences for the IT Security team to ensure task accountability and strict follow-through on outstanding issues. Establish a rigorous culture of performance, moving from passive monitoring to active enforcement of control testing, while ensuring all team deliverables meet the required quality and timelines.
• Vendor Act as the technical owner for IAM and security tools by monitoring vendor performance against Service Level Agreements (SLAs). Collaborate with Procurement during annual reviews and contract renewals to provide technical assessments of vendor support, system uptime, and issue resolution quality.

Managerial:

• Team Supervision Direct daily activities of the Application Identity team, setting clear KPIs, balancing workloads, and overseeing task delivery to meet required quality and project timelines.
• Mentorship & Upskilling Coach team members on IAM best practices, regional regulatory requirements, and technical tool proficiencies (e.g., CyberArk, SailPoint).
• Escalation Management Act as the ultimate gatekeeper and escalation point for complex or high-risk access requests, asserting authority when rejecting non-compliant requests.

S kills and Experience We Are Looking For:

• Bachelor's degree in Computer Science, Information Security, or a related field; equivalent practical experience will be considered.
• Professional Background 5-7 years of experience in Application Security, Identity & Access Management (IAM), or IT Risk within the Financial Services Industry (FSI).
• Regulatory Expertise Proven experience in managing compliance with BNM RMiT, PDPA, and internal security policies.
• Technical Knowledge Strong understanding of application security controls, database security, and user access management principles (UAM).
• Governance Mastery Expertise in developing, implementing, and monitoring IT security policies, standards, and the Risk & Control Self-Assessment (RCSA) framework.
• Audit & Assurance Familiarity with cybersecurity audit methodologies and frameworks such as ISO 27001, NIST, and COBIT and supporting internal/external audit engagements.
• Operational Leadership Demonstrated experience leading team huddles and operational cadences to drive task accountability and performance.
• Regulatory Reporting Proficient in automating and creating Executive Dashboards for KRI reporting andregulatory submissions.
• Audit Orchestration Skilled in leading audit engagements, coordinating evidence collection, and conducting rigorous control testing to ensure constant audit readiness.
• Strategic Influence Ability to justify control effectiveness to auditors and influence stakeholders across IT and Business to prioritize security remediation.
• Regional Operations Experience in supporting or standardizing security operations across multiple regional entities (e.g., Singapore, Hong Kong, Vietnam) is highly advantageous.

Special Skills

• Regulatory Strategy Good command of Identity Governance & Administration (IGA) and Privileged Access Management (PAM) ecosystems (e.g., CyberArk, SailPoint, or similar banking-grade IAM platforms). You must be capable of not just operating these tools, but acting as the Technical Owner identifying integration issues, defining entitlement structures, and critically assessing vendor technical performance against SLAs.
• Operational Gatekeeping & Enforcement Proven ability to act as the primary defender of the Principle of Least Privilege (PoLP) and Zero Trust access methodologies. You must be assertive and confident in challenging excessive access requests from IT and Business users, ensuring that convenience never overrides security policy. You must be able to clearly articulate the specific policy violations (e.g., Segregation of Duties conflicts) to stakeholders to justify the rejection of non-compliant requests.
• Professional Credentials Professional certifications are highly preferred to validate technical and governance expertise, specifically CISSP (Certified Information Systems Security Professional) or CISA (Certified Information Systems Auditor) or IAM-related certifications are considered a significant advantage.

For more job opportunities, please go to HLB Careers: https://hlb.wd3.myworkdayjobs.com/HLBCareers/

We appreciate your application and will be in touch with shortlisted candidates regarding next steps.

Realise your full potential at Hong Leong Bank by applying now.