Information and Network Security GRC Senior Specialist

Are you ready to get ahead in your career?

• We want to empower you to turn your ambitions into achievements.
• We thrive in inclusiveness, diversity and embrace close collaborations for you to create impact for yourself and others.
• Together, we aim to bring the best of technology to help people, businesses and the nation to be ahead in a changing world.
• To realise our vision to become Malaysia's leading converged solutions company, we are looking for a new talent to innovate and grow with us in a culture that values commitment, performance and possibilities.

Why does this job exist and why is it critical?​

Job Summary

The role oversees compliance and risk management across critical technology systems, ensuring alignment with internal standards (INS/CoP), ISO/IEC 27001, and regulatory requirements. Responsibilities include managing control baselines, third-party risk, and audit readiness; coordinating regulatory and board reporting; conducting control testing and assurance; and maintaining dashboards and key risk indicators for senior governance forums.

What are you accountable for?

1.INS / CoP Compliance (NCII): Own the INS/CoP control baseline for critical systems across ISD and Telco Network; maintain the critical systems inventory, scope and control mapping; embed Technology & Cyber Risk Management and Cyber Resilience requirements into technical and procedural controls and SLAs.

2.Management, Regulatory & Board Reporting: Coordinate regulatory submissions (e.g., monthly/half‑yearly dashboards, incident notifications) and provide updates to senior governance bodies (e.g., TGC, ARC); track feedback and actions to closure.

3.ISO/IEC ISMS) Governance: Act as control owner/co‑owner for applicable Annex A controls; maintain accurate SoA, risk treatment plans, audit evidence; support internal/external ISMS audits, surveillance, and certification activities.

4.Third‑Party Risk Management (TPRM): Run end‑to‑end TPRM: vendor tiering, security questionnaires, evidence review, risk scoring, contractual security clauses (Cybersecurity General Policy & Consequence Management), tracking, and escalations for non‑responsive or high‑risk vendors. Ensure subcontractors inherit Maxis security obligations.

5.Control Testing & Assurance: Plan and perform control testing, walk‑throughs and sampling for INS/CoP, PDP, ISO 27001, and TPRM controls; produce clear findings and risk‑based remediation plans with accountable owners and target dates.

6.Metrics, KRIs & Dashboards: Develop and maintain compliance dashboards/metrics (INS/CoP, PDP, ISO 27001, TPRM). Present KRIs/KPIs to management forum, Technology Governance Committee (TGC) and ARC; ensure single source of truth for audit/regulatory evidence.

7.Incident & Resilience Enablement: Advise on incident classification, regulatory notification criteria and evidence capture for ISD & Network; ensure playbooks and runbooks reflect INS/CoP expectations and resilience targets (RTO/MTD).

What do you need to have to fit this role?

• Minimum 10 year of working experience in Telecommunication Network and/or Cybersecurity

• Bachelor's degree in Information Security, Computer Science, IT, Risk Management, or related field.

• Knowledge of INS/CoP, ISO/IEC 27001, and regulatory compliance frameworks.

• Experience in third-party risk management and vendor security assessments.

• Ability to manage audits, control testing, and remediation planning.

• Skilled in compliance reporting, dashboarding, and presenting KRIs/KPIs.

• Strong stakeholder engagement and communication skills.

• Relevant certifications (e.g., ISO 27001, CISA, CRISC, CISSP) are an advantage.

What's next?

• Once you've applied online, our team will carefully review your application. Due to a high volume of applications, we appreciate your patience to allow for a fair and timely review process.
• Should you be shortlisted for the role, we will send you an invitation via email for a digital interview. You can also check on your application status by logging into your candidate account.

Maxis values diverse voices & people. We hire and reward our employees based on capability & performance — regardless of ethnicity, gender, age, education, religion, nationality or physical ability.