Cybersecurity Compliance Specialist

You are:

- You are self-driven, motivated, resourceful, and able to provide consultation on complex security governance and standards

and assurance on ISO 27001, Risk management - Guidelines, provides principles, a framework, and a process for managing risk.
- Experience in Telecommunications, Security Compliance, Third Party Vendor Security Governance, Risk Compliance

development, operations, and advisory/security assurance management coordination across multiple organizations.
- Able to understand work with cross function and group, third party service provider and internal engagement for consulting,

projects, risk management and assessments across organization.
- Able to develop and drive Security VAPT program across organization and Third-Party Vendors and Managed Service

Provider.
- You are obsessed with quality and adopt a strong risk-based approach on design and implement the best security best

practices for an organization’s needs.
- Able to identify Security Risk and engage with stakeholders on continues improvement to reduce risk and increase security

maturity in organization.
- ISO 27001 ISMS & ISO 31000 Risk management - Guidelines, provides principles, a framework, and a process for managing risk.

Your Responsibilities:
▪ Responsible manage for Information Compliance program & initiatives coordination on VAPT, Threat landscape, Implemented

controls, Insider behavioral analysis, External Third Party within internal organization and third party (MSP, Vendors,

Customers)

▪ Coordinate Compliance Management program and Security team which associates providing information security

development, security metrics, and overall technology compliance management.

▪ Provided management security governance compliance reporting on VAPT and impact for senior management, security

management and stakeholders on Internal & external,

▪ Managed Service Provider, Regulatory bodies, Third party compliance

▪ Develop and Improve information security compliance assurance coordinating with all divisions.

▪ Lead security related compliance activities and guided in implementing supporting technology and effective security control

processes within the development and operation environments.

Sensitivity: Internal

▪ Champion risk-based compliance governance, improve information security management program across business function.

▪ Plan, manage and execute the security GRC functions using best practice audit guidelines.

▪ Work closely with management (Group, Senior Management, CDM, CDL, CDX, CDU) on over audit findings compliance issues,

recommendations, management’s response, and implementation.

▪ Perform information security quarterly assessments, compliance maturity review to ensure that information systems are

adequately protected to meet organization security policy requirements.

▪ Active involvement in group level with corporate legal advisors and internal auditors on PDPA, NIS, ISMS, PCI-DSS related

compliance and MCMC governance.

▪ Govern SLA/KPI improvement on security compliance and cyber security.

▪ Provide timely, comprehensive, and accurate analysis results.

▪ Guide team on security GRC activities to be performed.

Experience and Requirements
- Subject Matter Expert Security Audit, Compliance Governance Team.
- Control, Develop Security Non-Compliance framework, Process & Procedure Management
- Develop Security baseline development & adoption.
- Governance Awareness/Training & Delivery
- Governance Security Compliance management
- Compliance programs (ISMS, etc)
- Security Liaison for Compliance, IM, Privacy Team, across BU &
- Manage Third Party Vendor, MSP Management.
- Experience and exposure on ISF, NIST, ISO/IEC 27001, CIS, CSA CCM, OWASP, GSMA guideline added advantage

Your Merits:
▪ Bachelor’s degree in, Computer Science OR equivalent through experience.

▪ Certifications (e.g. CISSP, CISA, ISO7001 Lead Auditor, CISM, MoR)

▪ More than 3 years’ experience in leading Security Compliance Cyber management team, Cyber Security Governance, and

Improvement or similar.

▪ Must show in-depth understanding of concepts such as ITIL, ISF, NIST, ISO 27001, ISO 31000, PCI DSS, APT, VAPT, cyber kill

chain, etc.

▪ Excellent in written and oral English.

**Job Types**: Full-time, Contract
Contract length: 9 months

Pay: RM5,000.00 - RM6,000.00 per month

**Benefits**:

- Health insurance
- Maternity leave
- Opportunities for promotion
- Parental leave
- Professional development

Schedule:

- Monday to Friday