Tech Risk and Cybersecurity Specialist

Company Overview:

We are a new and innovative regulated digital asset custodian company based in Malaysia. Our mission is to provide secure and regulatory-compliant custody solutions for digital assets, ensuring the safety and integrity of our clients' digital holdings through robust security measures and cutting-edge technology.

Job Summary:

The Technology Risk and Cybersecurity Specialist is responsible for identifying, assessing, and mitigating identified risks to the organization's technology and information systems, including data. This role involves developing and implementing controls on the technology front, covering technology processes and cybersecurity to protect the organisation against cyber threats, ensuring technology compliance with regulations and managing technology-related incident response activities. The ideal candidate will have a good understanding of technology related regulations, technology risk management, cybersecurity practices and have some implementation experience of industry best practices to help safeguard the organization and its assets.

Key Responsibilities:

Risk Assessment and Management:

• Conduct IT risk assessments to identify technology-related risk, including cybersecurity related threats and vulnerabilities.
• Develop and implement risk mitigation strategies to mitigate the identified IT risks.
• Perform periodic monitoring of existing technology-related controls (including cybersecurity related controls) to provide assurance of their operating effectiveness in alignment with the business objectives.
• Collaborate with other teams to ensure technology risk management practices are consistently performed and integrated into all aspects of the business.

Technology and Cybersecurity Strategy and Implementation:

• Ownership of Technology and Cybersecurity policies and procedures to oversee its continuous improvement and implementation of technology-related controls (including cybersecurity).
• Conduct regular Technology and security audits/reviews to ensure compliance with regulations and international best practices, including taking ownership of remediation actions.
• Oversee vulnerability assessments and penetration testing and follow-up on the remediation of identified vulnerabilities.
• Stay updated on the latest cybersecurity trends and threats, and proactively recommend improvements.

Incident Response and Management:

• Lead the incident response team in identifying, analyzing, and responding to IT and cybersecurity incidents.
• Develop and maintain incident response plans and ensure all stakeholders are trained and prepared.
• Coordinate with external partners and law enforcement in the event of a significant IT security breach.
• Document and report on IT security incidents, providing detailed analysis and recommendations to mitigate against future occurrence.

Compliance and Regulatory Requirements:

• Ensure the organization's technology and cybersecurity practices comply with relevant laws, regulations, and industry standards.
• Collaborate with legal and compliance teams to manage audits and regulatory inspections.
• Maintain up-to-date knowledge of relevant regulations such as Securities Commission's Technology related guidelines and publications, and industry-specific standards (e.g. ISO 27001, ISO 27017, ISO 27018, SoC2, etc.).

Training and Awareness:

• Develop and deliver training programs to educate employees on IT security best practices.
• Promote a culture of IT security awareness throughout the organization.
• Provide guidance and support to staff on IT and cybersecurity related issues.

Others:

• Assist with various ad-hoc projects as assigned by management.

Qualifications:

Education and Experience:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field.
• Minimum of 4 years of relevant working experience in cybersecurity, technology risk management, technology audit, or a related area.
• Professional certifications such as CISSP, CISA, CISM, CRISC, or equivalent are highly desirable.

Skills and Competencies:

• Strong understanding of cybersecurity frameworks (e.g., ISO/IEC 27001, NIST, SANS, SoC 2, etc.).
• Proficiency in risk assessment methodologies and tools.
• Relevant working experience with security technologies, including firewalls, IDS/IPS, SIEM, and encryption.
• Excellent problem-solving skills and the ability to manage complex IT and/or cybersecurity incidents.
• Strong communication skills with the ability to convey technical concepts to non-technical stakeholders.
• Ability to work independently and as part of a team in a fast-paced environment.

Additional Information:

• Occasional travel may be required.
• On-call availability for emergency incident response.
• This role reports to the Head of Risk.