Job Description
Chief Information Security Officer
Abans Finance PLC is a member of the prestigious Abans Group, a household name in Sri Lanka. With assets over Rs. 20 billion, we are one of the most innovative finance companies in Sri Lanka. The company's principal lines of business include finance leasing, vehicle loans, mortgage loans, gold loans and acceptance of fixed and savings deposits. The company currently operates across the island and is further backed by over four hundred Abans PLC outlets islandwide. The long-term credit rating of Abans Finance PLC is 'A-(lka)/Stable' by Fitch Ratings Lanka Limited, which stands as a testament to the successful journey of the company and the strong backing of its parent company. Abans Finance PLC is seeking a dynamic, results-oriented individual to be a part of its winning team.
Key Responsibilities
- Develop, implement, and maintain the organization’s cybersecurity strategy, policies, standards, and governance framework in line with business objectives and the CBSL Technology Risk Management and Resilience (TRMR) Guidelines.
- Establish and oversee the Technology Risk Management Framework, ensuring effective identification, assessment, monitoring, treatment, and reporting of cybersecurity and technology risks.
- Oversee security operations, including threat monitoring, vulnerability management, security assessments, incident response, cyber investigations, and remediation activities.
- Ensure compliance with all applicable regulatory, legal, and industry requirements, including CBSL TRMR Guidelines, Personal Data Protection Act (PDPA), and other relevant directives.
- Lead cyber resilience, disaster recovery, business continuity, and cyber risk management programs to ensure operational resilience and regulatory compliance.
- Establish and maintain appropriate controls to safeguard information assets, customer information, and critical business systems from cyber threats and data breaches.
- Provide regular reporting and assurance to Senior Management and the Board on information security posture, risk, and performance indicators, including cyber risk indicators and metrics.
- Oversee cyber security training and awareness, and ensure third-party vendors and service providers comply with security, privacy, and resilience requirements.
Key Requirements
- Bachelor’s Degree in Information Security, Cybersecurity, Information Technology, Computer Science, or a related field. A Master’s Degree (MBA/MSc) is preferred.
- Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Lead Auditor, or equivalent cybersecurity certifications.
- Minimum 4–10 years of experience in Information Security, Cybersecurity, Technology Risk Management, or IT Governance, with at least 2–3 years in a leadership role.
- Experience in cybersecurity governance, risk management, security operations, incident response, cyber resilience, and third-party risk management.
- Demonstrated leadership, stakeholder management, communication, and Board reporting capabilities.
- Strong understanding of modern security technologies, cloud security, infrastructure security, application security, and data protection practices.
Build a Purposeful Career with Abans Finance PLC
The above positions offer excellent career prospects and opportunities for further progression together with internal and external training. An attractive negotiable remuneration package in keeping with experience and industry norms is offered.
Application Process
Please forward your resume, with contact details of two non-related referees indicating the period of acquaintance with the applicant, to careers@abansfinance.lk or by post to Head of Human Resources, Abans Finance PLC, No. 456, R. A. De Mel Mawatha, Colombo 03, within 14 days of this advertisement.