IT Compliance Manager

Role Overview

The Compliance Officer (Technology Governance) ensures the organization complies with IT and cyber security standards, including RMiT, PCI DSS, ISO 27001, and PayNet requirements. As the single point of contact for all IT-related audits, the oƯicer oversees governance, risk management, and policy enforcement, while driving security awareness initiatives. This role works closely with key departments such as Cyber security, Internal Audit, Legal, IT Operations, Infrastructure, Quality Assurance (QA), and Business Units to maintain audit readiness and regulatory alignment. A strong understanding of ITIL, change management, and service management is essential to embed compliance into daily IT operations.

Key Areas of Responsibilities:
**Governance**
- Collaborate with internal stakeholders, including IT, Cyber security, and Business Units, to understand and address their network and cloud needs.
- Develop, implement, and enforce robust IT and cyber security policies aligned with regulatory requirements and industry best practices.
- Maintain a comprehensive IT security governance framework including policies, standards, and procedures.
- Ensure cyber security is integrated into the organization’s broader risk management strategy by engaging senior leadership.
- Monitor emerging cyber security threats and regulatory changes and update internal policies accordingly.
- Maintain and test the organization’s Security Incident Response Plan (SIRP) and Business Continuity/Disaster Recovery (BCP/DR) plans to ensure preparedness.

**Risk Management.**
- Conduct regular risk assessments, IT control reviews, and vulnerability scans to identify and mitigate risks.
- Maintain and update the IT risk register with input from technical teams and ensure proper documentation of treatment plans.
- Collaborate with cyber security and infrastructure teams to validate patching, system hardening, and endpoint protections.
- Ensure third-party vendors comply with IT risk and security standards during on boarding and ongoing reviews.
- Verify that vulnerability management practices meet regulatory expectations.
- Ensure documentation is maintained for vulnerability scans, remediation actions, and exception handling.
- Perform periodic reviews of patching SLAs and ensure high/critical vulnerabilities are resolved within compliance timelines.

**Compliance and Audit**
- Ensure adherence to regulatory requirements such as RMiT, PCI DSS, PayNet’s System Audit, and other industry-specific standards.
- Act as the main liaison for internal and external audits, including documentation preparation, walk through coordination, evidence collation, and audit responses.
- Monitor compliance with access control, encryption, logging, HSM key lifecycle and data retention requirements.
- Conduct periodic audits and compliance reviews across IT systems and processes.
- Manage the compliance calendar and provide regular reporting to the CIO and governance committees

**Awareness and Training**
- Develop and conduct regular awareness programs for employees, tailored to their department and risk exposure.
- Promote a culture of compliance and data protection awareness across the organization.
- Share updates on new threats, policy changes, and audit findings through newsletters, town halls, or internal platforms.
- **Qualifications**_
- Bachelor’s degree in information systems, Computer Science, Cyber security, Law, or a related field.
- 5 to 10 years of experience in IT compliance, cybersecurity audit, IT governance, or risk management, preferably within a financial institution or regulated industry.
- In-depth knowledge of regulatory frameworks and standards including RMiT, PCI DSS, ISO 27001, and PayNet requirements.
- Proven experience in managing internal and external audits, preparing regulatory reports, and leading cross-functional compliance reviews.
- Familiarity with IT security technologies such as firewalls, virtual servers, HSMs, access controls, and IT service management tools.
- Solid understanding of ITIL practices, change management, and service management processes.
- Excellent analytical, communication, and report-writing skills with attention to detail and regulatory alignment.
- Certifications such as CISA, CRISC, CGEIT, ISO 2700, or ITIL Foundation (or higher) are an advantage.

**Preferred Skills**
- Experience working with regulators such as BNM, PayNet, and PCI QSA.
- Familiar with Hardware Security Module (HSM).
- Understanding of secure SDLC and cloud compliance models
- Strong stakeholder engagement, influencing, and vendor management skills.

**Job Types**: Full-time, Permanent

Pay: RM8,000.00 - RM9,000.00 per month

**Benefits**:

- Health insurance
- Maternity leave
- Opportunities for promotion
- Parental leave
- Professional development

Schedule:

- Day shift

Work Location: On the road