Chief Information Security Officer

Job Overview

Abans Finance PLC is seeking a dynamic, result-oriented professional to fill the senior executive position of Chief Information Security Officer. The role is designed for a highly skilled leader who will be responsible for developing, implementing, and maintaining the organization’s comprehensive cybersecurity strategy and governance framework. The successful candidate will drive cyber resilience, manage technology risks, and ensure strict compliance with regulatory standards to protect the institution’s information assets and critical business systems.

Position Details

• Position: Chief Information Security Officer

• Organization: Abans Finance PLC

• Job Location: Colombo, Sri Lanka

• Job Category: IT & Software, Management, Private Jobs

Company Overview

Abans Finance PLC is a member of the prestigious Abans Group, a household name in Sri Lanka. With assets over Rs. 20 billion, the company stands as one of the most innovative finance companies in the country. The company’s principal lines of business include finance leasing, vehicle loans, mortgage loans, Gold Loans, and acceptance of fixed and savings deposits. Operating island-wide and further backed by over four hundred Abans PLC outlets, the bank holds a long-term credit rating of ‘A-(lka)’/ Stable by Fitch Rating Lanka Limited, testifying to its successful journey and strong financial stability.

Qualifications & Experience

• Bachelor’s Degree in Information Security, Cybersecurity, Information Technology, Computer Science, or a related field.

• A Master’s Degree (MBA/MSc) is preferred.

• Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor, or equivalent cybersecurity certifications.

• Minimum 4–10 years of experience in Information Security, Cybersecurity, Technology Risk Management, or IT Governance, with at least 2–3 years in a leadership role.

• Experience in cybersecurity governance, risk management, security operations, incident response, cyber resilience, and third-party risk management.

Key Responsibilities

• Develop, implement, and maintain the organization’s cybersecurity strategy, policies, standards, and governance framework in line with business objectives and the CBSL Technology Risk Management and Resilience (TRMR) Guidelines.

• Establish and oversee the Technology Risk Management Framework, ensuring effective identification, assessment, monitoring, treatment, and reporting of cybersecurity and technology risks.

• Oversee security operations, including threat monitoring, vulnerability management, security assessments, incident response, cyber investigations, and remediation activities.

• Ensure compliance with all applicable regulatory, legal, and industry requirements, including CBSL TRMR Guidelines, Personal Data Protection Act (PDPA), and other relevant directives.

• Lead cyber resilience, disaster recovery, business continuity, and cyber crisis management programs to ensure operational resilience and regulatory compliance.

• Establish and maintain appropriate controls to safeguard information assets, customer information, and critical business systems from cyber threats and data breaches.

• Ensure cybersecurity requirements are embedded within digital transformation initiatives, technology projects, applications, infrastructure, cloud services, and third-party integrations.

• Oversee third-party and outsourcing risk management processes, ensuring vendors and service providers comply with security, privacy, and resilience requirements.

• Provide regular reporting and assurance to Senior Management, the Board Information Security Steering Committee (BISSC), the Board Integrated Risk Management Committee (BIRMC), and the Board on cybersecurity posture, technology risks, incidents, and compliance status.

Required Skills

• Demonstrated leadership, stakeholder management, communication, and Board reporting capabilities.

• Strong understanding of modern security technologies, cloud security, infrastructure security, application security, and data protection practices.

• Excellent analytical, problem-solving, and strategic planning skills.

Salary & Benefits

• An attractive negotiable remuneration package in keeping with experience and industry norms is on offer.

• Excellent career prospects and opportunities for further progression.

• Exposure to structured internal & external training programs.

Important Notes

• The operational scope requires full alignment with the Central Bank of Sri Lanka (CBSL) governance expectations.

• Applications must include contact details of two non-related referees.

• Candidates must explicitly indicate the post applied for in the subject line of the email or on the top left corner of the envelope.

• Submissions must be sent within 14 days of the publication of this advertisement.

How to Apply

Interested individuals who meet the criteria are invited to forward their updated resume directly to the human resources department via email.

Email Address: careers@abansfinance.lk