AVP, Cybersecurity

Mutiara Damansara, Selangor
Permanent
Full-time

16 days ago

About YouThe Assistant Vice President (AVP), Cybersecurity is a leadership role responsible for the end-to-end management and strategic direction of CARSOME's cybersecurity program. This role is responsible for driving the delivery of Governance, Risk & Compliance (GRC), Security Operations, Cloud Security, and Product Security initiatives. The AVP will lead a team of security professionals to implement foundational security controls, meet audit expectations, and support strategic expansionin alignment with the Cybersecurity Strategy 2025 and ISO 27001 standards.Key Responsibilities:A. Leadership & Strategy:

Provide strategic leadership and direction for the cybersecurity function, aligning with CARSOME's overall business objectives and risk appetite.
Develop and implement a comprehensive cybersecurity program based, to drive growth in the maturity of CARSOME's cybersecurity posture.

B. Governance, Risk & Compliance (GRC):

Establish and maintain a structured governance framework aligned with ISO 27001.
Oversee the development and enforcement of security policies, risk assessments, and compliance monitoring.
Ensure continuous security monitoring and reporting to Exco for improved oversight.
Establish a formal risk treatment plan and risk acceptance criteria.
Lead internal policy enforcement, risk register management, audit liaison, and vendor risk review.

C. Security Operations:

Oversee security operations and information security incident response, ensuring timely detection, analysis, and remediation of security incidents.
Ensure timely and review of threat intel supplied by SIEM monitoring, MSOC and other relevant sources.
Drive outcomes from managed services, such as Managed SOC, DFIR, and VAPT, to triage alerts and defend audit controls.

D. Cloud & Product Security:

Lead the implementation of cloud-native security tooling and drive CI/CD pipeline hardening in partnership with Engineering & DevOps teams.
Ensure the security of cloud workloads and infrastructure during the AWS-to-GCP migration.
Oversee the integration of SAST, DAST, and SCA security testing tools into CI/CD pipelines.
Consolidate Application Security (AppSec) and Product Security (ProdSec) into a unified Product Security function.

E. Team Management & Development:

Lead and manage a team of security engineers and analysts, providing guidance, mentorship, and professional development opportunities.
Foster a security-first mindset and promote security awareness across the organization.

F. Collaboration & Communication:

Collaborate with Engineering, DevOps, Product, Legal, IT, and Business Operations teams to prioritize security across all functions.
Communicate effectively with leadership and stakeholders on the status of the cybersecurity program, risks, and mitigation strategies.

G. Budget Management:

Manage the cybersecurity budget, ensuring efficient allocation of resources to support key initiatives.

Qualifications & Experiences:

Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
Strong understanding of cybersecurity frameworks, such as ISO 27001, NIST, and SOX.
Experience with cloud security, DevSecOps, and incident response.
Excellent leadership, communication, and interpersonal skills.
Must demonstrate the ability to translate strategy into execution through verifiable
examples of past security program implementations, not just theoretical knowledge.

Carsome

Apply Now