Senior Information Security Management Specialist

1 day ago


Malaysia Near Shore Cyber Full time 120,000 - 240,000 per year


SENIOR INFORMATION SECURITY MANAGEMENT SPECIALIST 

Location: Kuala Lumpur, Malaysia (Remote/Hybrid) 

Reports to: Senior Director, Information Security 

Business: Global Data Centers 

ROLE SUMMARY 

Our client, a global data center provider, is hiring a Senior Information Security Management Specialist to own and mature the Information Security Management System (ISMS) across multiple frameworks, including ISO 27001, NIST, PCI DSS, GDPR and NIS2. 

This is a senior governance, risk and compliance role with clear responsibility for ISMS operations, risk management, audit and vulnerability oversight. The successful candidate will use automation and AI‑enabled tools to scale the security program rather than relying on manual effort alone. This is not a SOC analyst role; it is a senior GRC/ISMS leadership position.

KEY RESPONSIBILITIES 
1) Security Governance and ISMS Ownership 

·       Own the ISMS for the data center environment and keep it aligned with ISO 27001, NIST and internal policies 

·       Maintain and continuously improve the security policy, standard and procedure library 

·       Use AI‑assisted tools (policy assistants, regulatory mapping, documentation automation) to speed up updates and improve consistency 

2) Risk Management and Systems Authorization 

·       Lead security risk assessments for key systems, projects and suppliers and maintain a prioritized risk register 

·       Support "authorization to operate" decisions by providing structured risk analysis and evidence against standards and regulations 

·       Use dashboards and AI‑enabled analytics to surface top risks, trends and control gaps for senior leadership 

3) Audit, Certification and Regulatory Gap Assessments 

·       Plan, coordinate and support internal and external audits, including ISO 27001 certification and customer assessments 

·       Run regulatory and framework gap assessments across ISO 27001, NIST, PCI DSS, GDPR, NIS2 and similar regimes, with clear remediation plans 

·       Use automation and AI (for example, document summarization and intelligent sampling) to assemble evidence packs and track findings 

4) Vulnerability and Technical Risk Oversight 

·       Govern the vulnerability management program: define scope, SLAs, escalation and reporting; ensure the process goes beyond scanning and drives real remediation 

·       Partner with infrastructure and application teams to translate technical findings into clear business impact and remediation actions 

·       Use AI‑driven tools to combine vulnerabilities, asset criticality and threat intelligence into risk‑based remediation priorities 

5) Security Awareness and Culture 

·       Own the security awareness agenda: define the annual plan, run targeted campaigns and measure impact via metrics such as phishing results, training completion and policy understanding 

·       Educate teams on safe and compliant use of AI, including data handling, prompt hygiene, shadow AI risk and regulatory alignment 

·       Work with HR, Legal and Engineering to embed security and AI risk expectations into onboarding, objectives and leadership communications 

6) Data and AI Use in Security 

·       Champion responsible use of AI across the security program, ensuring confidentiality, integrity and compliance when using AI tools and platforms 

·       Help define guardrails for enterprise AI use (what data can be shared, how outputs are validated, how misuse is detected and managed) 

·       Evaluate AI‑enabled security products (GRC automation, continuous control monitoring, anomaly detection, etc.) and recommend adoption where they improve effectiveness or efficiency 

7) Stakeholder Engagement and Leadership 

·       Act as a key point of contact for technology, operations, compliance, legal, internal audit and major customers 

·       Present risk posture, audit status and remediation progress in concise, business‑oriented language to senior stakeholders 

·       Mentor junior security and GRC staff, including nearshore and remote team members, to build a strong pipeline of talent 

REQUIRED EXPERIENCE AND SKILLS 
·       8–10+ years of experience in information security or cybersecurity with a strong focus on governance, risk and ISMS management
·       Demonstrated experience running or heavily contributing to an ISO 27001 ISMS (design, implementation, certification or surveillance audits)
·       Advanced familiarity with:
        ·       ISMS operations, audits and gap assessments
        ·       Risk registers, mitigation plans and risk reporting
        ·       Security awareness and cultural change programs
·       Proven ability to operate in complex multi‑regulatory environments, ideally with exposure to NIST, PCI DSS, GDPR and NIS2
·       Practical experience with vulnerability management tools and processes (governance and oversight, not just scanning)
·       Comfortable using AI‑enabled and automated tools (policy assistants, GRC platforms with AI features, analytics dashboards or security "copilots")
·       Strong communication skills and the ability to influence senior technical and non‑technical stakeholders
·       Experience leading or coordinating remote and distributed teams is preferred

PREFERRED CERTIFICATIONS

·       ISO/IEC 27001 Lead Auditor or Lead Implementer 

·       One or more of: CISM, CISSP, CISA 

·       Additional credentials in risk, cloud security, or privacy are a plus 


