Lead Information Security

Responsibilities & Context

ASA International is one of the world’s largest and fastest growing international microfinance banking institutions offering socially responsible loans to underbanked, low-income female micro-entrepreneurs in Asia and Africa (“ASA International” or the “Group”). ASA International promotes financial inclusion and has successfully shown that access to financial services helps to reduce poverty and promotes social-economic progress for its predominantly female client base.

ASA International has a premium listing on the main market of the London Stock Exchange and serves close to 2.3 million customers across 13 countries in Asia and Africa. It has corporate head offices in Amsterdam, the Netherlands as well as in Dhaka, Bangladesh.

ASA International provides small loans ranging from USD 250 to USD 2,000. Almost all customers are women that run small businesses, from small shops, restaurants, sewing businesses, to various trading activities and cottage industries.

Increasing financial inclusion and promoting social and economic development of our clients and their communities is at the heart of ASA International’s mission.

• SOC Operations & Governance: Establish and run SOC processes (24/7 or 8x5 + on-call), shift handovers, case management standards, and escalation paths.
• Incident Response Management: Lead and coordinate incident response activities across entities; run incident bridges, ensure evidence capture, and drive root-cause analysis and post-incident reviews.
• Stakeholder Management: Interface with local IT teams, Risk/Compliance, and senior management; provide clear updates during incidents and routine operational reporting.
• Detection & Monitoring Oversight: Ensure high reliability alerting by overseeing SIEM content, use-case coverage (e.g., privileged access abuse, malware, suspicious logins, data exfiltration), and noise reduction.
• Platform Ownership (oversight): Ensure SOC tooling health and coverage (SIEM, EDR/XDR, email security, identity logs, network/security devices), including onboarding of critical log sources and maintaining documentation.
• Threat & Vulnerability Alignment: Work with Vulnerability Management and relevant teams to ensure detection and response is aligned to critical vulnerabilities, emerging threats, and risk priorities.
• Quality Assurance: Review investigation quality, closure codes, and adherence to SOPs/playbooks; coach analysts and enforce consistent standards.
• Metrics & Continuous Improvement: Own SOC KPIs (MTTA/MTTR, alert-to-incident ratio, false positive rate, coverage), drive improvements, and support audit/regulator evidence requests.
• People Leadership: Train and mentor L1/L2 analysts; manage performance goals, shift rotas, and professional development.

Requirements

Education

• Bachelor of Science (BSc) in Computer Science & Engineering
• Bachelor of Science (BSc)
• Certifications (preferred):
• Security: CISSP / CISM / GIAC (e.g., GCIH) / CEH (or equivalent).
• SOC/IR: incident response or SOC analyst certifications are an advantage.
• Cloud/SIEM/EDR vendor certifications (e.g. Microsoft365) are an advantage.

Experience

• At least 8 years
• The applicants should have experience in the following business area(s): Financial Consultants, Group of Companies, Investment/Merchant Banking, IT Enabled Service