The Vice President, Security Governance is responsible for ensuring effective cybersecurity governance, risk management and compliance across APAC multiple franchises and subsidiaries. This role supports audit activities, drives adherence to cybersecurity policies and controls, steers initiatives that strengthen security maturity and leads training programs to promote best practices within the organization and its franchises. Job Responsibilities: Multi-Franchise Support Provide cyber governance and controls support across SMBC branches, subsidiaries and franchise operations to ensure consistent application of corporate technology and security standards Collaborate with local franchise teams to assess security posture, share best practices, and facilitate alignment with corporate policies. Serve as a liaison between corporate governance and franchise operations to address technology risk and compliance issues. Governance and Controls Management Develop, maintain, and enhance comprehensive security governance standards, policies, procedures, and guidelines aligned with corporate policies, regulatory mandates, and industry-leading frameworks. Monitor adherence to cybersecurity controls and governance practices across all business units. Partner with business units and IT teams to assess, refine, and standardize cyber risk and information security management processes to ensure consistency and operational excellence. Identify process/capabilities gaps and inefficiencies within IT and IS frameworks; recommend and implement pragmatic improvements to enhance security posture and risk management. Audit Support Oversee cybersecurity audits, assurance activities, and regulatory engagements; manage responses to audit findings and regulatory inquiries with thorough documentation and knowledge management Coordinate and support internal audit activities related to security controls across the enterprise and its franchises. Prepare and manage audit documentation, respond to audit findings, and track remediation plans to closure. Training and Best Practices Sharing Develop and deliver security training programs to enhance awareness of cyber security governance and controls among employees and franchisees. Facilitate knowledge-sharing forums to disseminate best practices and lessons learned across franchises and subsidiaries. Communicate effectively across the organization to raise awareness of cyber security policies, standards, and changes, fostering a culture of compliance and security mindfulness Stakeholder Collaboration Collaborate with the wider Cybersecurity, Risk Management, IT Operations, Legal, and Compliance teams to integrate governance and controls across technology initiatives. Engage with franchise leadership to support governance initiatives and foster strong communication channels. Candidate Requirements Bachelor’s degree in information technology, Cybersecurity, or a related field. Minimum 12 years of professional experience with at least 10 years focused on cyber risk management and information security governance, preferably in a financial institution. Deep expertise in risk management frameworks, IT governance, cybersecurity standards, and compliance requirements across multiple jurisdictions. Proven experience managing audits and regulatory compliance in technology, cybersecurity, and information security domains. Good knowledge across diverse IT and security domains, including but not limited to, Cryptographic Key Management, Third-Party Risk Management, and AI Risk Management. Exceptional interpersonal, analytical, and written communication skills with the ability to influence and engage stakeholders at all levels. Demonstrated problem-solving skills and ability to work effectively under pressure and tight deadlines. Self-motivated, meticulous, and a proactive team player with a positive attitude and strong sense of responsibility. Ability to manage multiple priorities in a fast-paced, evolving environment. Relevant professional certifications (e.g. CISSP, CISA, CRISC, CGEIT) and knowledge of CRI are highly desirable.