Company Profile
Mizuho Bank is the banking subsidiary of Mizuho Financial Group of Japan, one of the world's largest financial services providers.
In 1974, one of Mizuho's predecessor banks commenced branch operations in Singapore, meaning we have had a presence in Singapore for over 50 years. Mizuho Bank Singapore Branch holds a full bank license and provides banking services to more than 2,000 Japanese and non-Japanese clients, operating with an on-the-ground staff strength of around 1000 in Singapore. Its principal business encompasses corporate finance, trade finance, cash management, funds transfers, project finance and treasury. It also collaborates with its affiliate company, Mizuho Securities, to provide investment banking solutions to its clients.
Job Responsibilities
Mizuho Bank is seeking an experienced Information Security Risk professional to lead the information security risk management strategy for the major, multi-year technology transformation program of Core Banking systems and related applications, covering integration, deployment and data migration across Mizuho APAC for CASA, Lending, Cash / Payment, and Trade Finance business functionalities.
Reporting to Regional Risk & Control (RRC) and accountable to the Core Banking Program's Accountable Executive (AE), the Business Information Security Risk Manager will support regional risk governance, ensuring effective identification, assessment, mitigation and reporting of information security risks for the Core Banking portfolio. This role requires tight collaboration with the AE, CISO and Business stakeholders across the region, ensuring adoption of security measures and their consistent integration and execution for Mizuho APAC.
Key Responsibilities
- Serve as the primary liaison between the program stakeholders, IT security and the business units to ensure security requirements are integrated into the core banking projects and business processes
- Have deep and broad familiarity with Cyber Hygiene, Application Security and Information Security domains to identify, evaluate, secure and manage risks in core banking environments, including enterprise integration, data protection, operational processes and third party / vendor risks
- Collaborate with legal, audit, assurance and compliance teams to align security risk management with organizational and regulatory requirements
Risk Management
- Conduct application threat modeling to identify security weaknesses and vulnerabilities, even without detailed standards or elaborate guidance
- Perform compliance review and risk analysis covering IT security and information control areas, and clearly articulate security risk in a business context
- Evaluate risk mitigation options and influence toward practical mitigation strategies tailored to core banking architecture and processes, ensuring they are technically feasible and commercially defensible
- Provide guidance and consultative support to the program regarding security risk, compliance and best practices
- Stay current with industry trends, regional cyber laws, emerging threats and best practices to continuously improve the organization's risk posture
Risk Reporting
- Own and manage the Security Risk Register for the program, ensuring ongoing risk identification, mitigation and reporting to senior management and risk committees
- Communicate risk policies, findings, recommendations and security posture to stakeholders, including preparing consolidated written reports for senior leadership and relevant committees
Regulatory Compliance
- Provide advice to ensure that all compliance requirements relevant to the internal risk management framework and banking regulations across APAC (e.g. MAS, HKMA, etc.) can be met
IT / Risk Governance
- Oversee compliance with secure software development lifecycle (SDLC) practices, including secure coding and deployment, security testing, vulnerability management and relevant IT risk management processes
- Operate and uplift the existing risk management framework and its supporting processes, where required, to address control gaps and effectiveness issues
Organizational Competency
- Able to build and maintain strong working relationships with a diverse set of stakeholders within and across the IT and business departments
- Able to manage work in a fast-moving, high-pressure environment and balance multiple work activities
- Culturally aware and able to work well with project teams, including teams that are based offshore or in different geographical locations
Job Requirements
Skills and Qualifications
- Bachelor's or Master's degree in Computer Science, Information Security, Software Engineering, or related field
- Professional certifications, such as CISSP, CRISC or CISM, are preferred
- Minimum 11 years' experience in the banking / financial services industries focused on information security and risk related functions
- Strong technical expertise in Cybersecurity principles, threat management, and security frameworks with deep understanding of core banking systems, architecture, operations and security challenges
- Strong knowledge of application security tools, e.g. SAST/DAST, SCA, secure coding practices and vulnerability management
- Demonstrated business acumen with the ability to understand and align security initiatives with business processes and objectives, or proven experience in a BISO role to balance business objectives with security requirements
- In-depth knowledge and practical understanding of information security risk management frameworks, standards and methodologies (e.g. ISO 27001, COBIT, NIST, OWASP, MITRE, etc.)
- Proven experience in risk assessment methodologies, GRC (Governance, Risk and Compliance) tools, policy development, compliance management, and risk reporting
- Familiarity with regulatory requirements and compliance standards relevant to banking across Asia Pacific jurisdictions (e.g. MAS, HKMA, RBI, etc.)
- Experience in DevSecOps and Public Cloud Technology stacks / security models (AWS, Azure or Google Cloud) is desirable
Personal Attributes
- Analytical mindset with strong problem-solving skills
- Proactive, self-motivated and resourceful
- Assertive, adaptable and self-aware
- Able to work in a fast-paced, regulated environment
- Excellent communication and interpersonal skills, able to articulate and summarize complex thoughts and analytics to various stakeholders, including non-technical audiences at various levels
- Excellent stakeholder management and project management skills