AVP, Cybersecurity

Carsome Sdn Bhd

Petaling Jaya

On-site

MYR 180,000 - 230,000

Full time

Today

Job summary

A Southeast Asian integrated car e-commerce platform is seeking an Assistant Vice President (AVP) for Cybersecurity to lead the management and strategic direction of its cybersecurity program. The ideal candidate has over 10 years of experience in cybersecurity with a strong focus on governance, risk, and compliance. This leadership role involves overseeing a team, managing security operations, and ensuring compliance with cyber frameworks. The position is based in Petaling Jaya, Malaysia.

Qualifications

  • Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
  • Strong understanding of cybersecurity frameworks, such as ISO 27001, NIST, and SOX.
  • Experience with cloud security, DevSecOps, and incident response.

Responsibilities

  • Provide strategic leadership for the cybersecurity function.
  • Develop and implement a comprehensive cybersecurity program.
  • Oversee security operations and incident response.
  • Manage a team of security engineers and analysts.
  • Manage the cybersecurity budget.

Skills

Strategic leadership
Cybersecurity frameworks knowledge
Communication skills
Interpersonal skills
Cloud security expertise

Education

Bachelor's or Master's degree in Computer Science or Cybersecurity

Tools

Managed Security Operations Center (MSOC)

Job description

The Assistant Vice President (AVP), Cybersecurity is a leadership role responsible for the end-to-end management and strategic direction of CARSOME's cybersecurity program. This role is responsible for driving the delivery of Governance, Risk & Compliance (GRC), Security Operations, Cloud Security, and Product Security initiatives. The AVP will lead a team of security professionals to implement foundational security controls, meet audit expectations, and support strategic expansion in alignment with the Cybersecurity Strategy 2025 and ISO 27001 standards.

Key Responsibilities:

A. Leadership & Strategy:

  • Provide strategic leadership and direction for the cybersecurity function, aligning with CARSOME’s overall business objectives and risk appetite.
  • Develop and implement a comprehensive cybersecurity program to drive growth in the maturity of CARSOME's cybersecurity posture.

B. Governance, Risk & Compliance (GRC):

  • Establish and maintain a structured governance framework aligned with ISO 27001.
  • Oversee the development and enforcement of security policies, risk assessments, and compliance monitoring.
  • Ensure continuous security monitoring and reporting to Exco for improved oversight.
  • Establish a formal risk treatment plan and risk acceptance criteria.
  • Lead internal policy enforcement, risk register management, audit liaison, and vendor risk review.

C. Security Operations:

  • Oversee security operations and information security incident response, ensuring timely detection, analysis, and remediation of security incidents.
  • Ensure timely review of threat intel supplied by SIEM monitoring, MSOC and other relevant sources.
  • Drive outcomes from managed services, such as Managed SOC, DFIR, and VAPT, to triage alerts and defend audit controls.
  • Lead the implementation of cloud-native security tooling and drive CI/CD pipeline hardening in partnership with Engineering & DevOps teams.
  • Ensure the security of cloud workloads and infrastructure during the AWS-to-GCP migration.
  • Oversee the integration of SAST, DAST, and SCA security testing tools into CI/CD pipelines.
  • Consolidate Application Security (AppSec) and Product Security (ProdSec) into a unified Product Security function.

E. Team Management & Development:

  • Lead and manage a team of security engineers and analysts, providing guidance, mentorship, and professional development opportunities.
  • Foster a security-first mindset and promote security awareness across the organization.
  • Collaborate with Engineering, DevOps, Product, Legal, IT, and Business Operations teams to prioritize security across all functions.
  • Communicate effectively with leadership and stakeholders on the status of the cybersecurity program, risks, and mitigation strategies.

G. Budget Management:

  • Manage the cybersecurity budget, ensuring efficient allocation of resources to support key initiatives.

Qualifications & Experiences:

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
  • Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role.
  • Strong understanding of cybersecurity frameworks, such as ISO 27001, NIST, and SOX.
  • Experience with cloud security, DevSecOps, and incident response.
  • Excellent leadership, communication, and interpersonal skills.
  • Must demonstrate the ability to translate strategy into execution through verifiable examples of past security program implementations, not just theoretical knowledge.

CARSOME is Southeast Asia’s largest integrated car e-commerce platform. With operations across Malaysia, Indonesia, Thailand and Singapore, CARSOME aims to digitize the region’s used car industry by reshaping and elevating the car buying and selling experience.

CARSOME provides end-to-end solutions to consumers and used car dealers, from car inspection to ownership transfer to financing, promising a service that is trusted, convenient and efficient. CARSOME currently transacts around 100,000 cars annually and has more than 2,000 employees across all its offices.

CARSOME is an equal opportunities employer and welcomes applications from diverse candidates.
