199 Cybersecurity Analysts jobs in Kuala Lumpur

• Ongoing leadership and review of IT security
• Implementing and designing cyber security policies, procedures, and system solutions in line with industry standards and certifications
• Operate, conduct, and maintain DUG’s SIEM platform and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures
• Serve as the DUG point person for third-party security audits
• Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams
• Work with DUG HPC Cloud customers and DUG teams on security integration
• Provide strategic-level guidance for DUG’s cyber security program and ensure compliance with cyber security policies, standards, regulations, and legislation, working with senior executives within DUG
• Ensure the alignment of cyber security and business objectives within DUG, facilitating communication between cyber security and business stakeholders, translating cyber security concepts into business language, and advising on security measures for new projects
• Contribute to the development and maintenance of DUG’s business continuity and disaster recovery plans to enhance resilience and ensure operational continuity
• Report on the security risk profile, status of key systems, outstanding risks, security uplift activities, recent incidents, and cybersecurity investment returns
• Oversee DUG’s response to cybersecurity incidents, including internal communication and response strategies
• Apply a consistent vendor management process across the organization, from discovery to ongoing management

Job Description

Part A: Risk Management

i. Develop and maintain the Technology Risk Management Framework TRMF and Cyber Resilience Framework CRF via the following:

• Assist to develop risk mitigation strategies and formulate enhancements to the TRMF and CRF to maintain a framework that remains relevant in identifying and mitigating significant risks in the achievement of business objectives.
• Assess and regularly analyze IT risks, by evaluating the impact and likelihood of the identified IT risks and prioritise them via maintenance of IT risk registers.
• Develop and enforce disaster recovery and business continuity plans to address potential cybersecurity incidents.

ii. Perform analysis and risk assessment of proposed new products/ new IT vendors to ensure new initiatives/ vendor appointments commence in a manner that minimizes risk to the organization.

iii. Conduct assessment on the Company's compliance with relevant regulatory requirements and policies.

iv. Collaborate with cross-functional teams to integrate security measures into all aspects of the organization's infrastructure, and ensure compliance with industry regulations and internal policies.

v. Enforce risk evaluations of third-party IT outsourcing service providers (OSPs) and ensure appropriate due diligence is performed to identify, mitigate, and maintain ongoing awareness of risks to the Company resulting from IT OSPs.

vi. Provide guidance on the secure design, development, and deployment of new systems and applications.

Part B: Security Awareness

i. Enforce cyber hygiene training and ensure that the trainings are adequately conducted at relevant levels/ departmental functions.

ii. Analyze and assess relevance and impact of cyber threat alerts received, and prepare reports and recommend remedial/ mitigation measures where relevant.

iii. Stay up to date with the latest trends, technologies, and threats in the cybersecurity field.

iv. Recommend and implement security improvements, leveraging emerging technologies to strengthen the organization's security posture.

Part C: Incident Response and Crisis Management

i. Lead incident response efforts in case of a security breach or cyberattack, ensuring effective resolution and communication.

ii. Coordinate with cross-functional teams and third party service providers to provide timely and effective cyber incident responses.

iii. Post-incident, lead efforts to identify root causes, implement corrective actions, and prevent future occurrences.

Requirement

• Experience in performing IT audits and risk assessment assignments.
• Strong understanding of relevant cybersecurity regulations and standards (e.g., BNM Risk Management in Technology, PCI DSS, NIST Cybersecurity Framework).
• Clear understanding of IT operations with an information security perspective and its interaction with risk appetites to ensure compliance with industry, regulator, and card scheme requirements.
• Able to evaluate IT internal controls and identify opportunities for controls improvement.
• Strong analytical and problem-solving skills.
• Able to multi-task and possess effective time management skills.
• Able to produce high quality work deliverables on timely basis.
• Excellent written English and interpersonal skills, a team player and communicator, and a self starter.

Job Types: Full-time, Permanent

Pay: RM7, RM9,000.00 per month

Benefits:

• Maternity leave
• Opportunities for promotion
• Professional development

Education:

• Bachelor's (Preferred)

Experience:

• IT audit, IT security and/or cybersecurity: 5 years (Required)

License/Certification:

• Professional Cert (CISSP, CISM, CISA, CEH, CompTIA Security) (Required)

Location:

• Kuala Lumpur (Required)

Work Location: In person

As Information Security Engineer of Boost Digital Bank, your primary responsibility will be protecting Boost Bank environment and data from potential security threats. You will collaborate closely with cross-functional teams to design and implement security controls.

• Create and maintain the security controls of the infrastructure that follows industry best practices.
• Work with engineering team to ensure that applications and projects are secure on delivery.
• Monitor network and system activity for suspicious behavior or unauthorised access.
• Liaise with security operations on security incidents investigations.
• Conduct vulnerability testing and security testing.
• Identify and assess risk and vulnerabilities of applications and infrastructure.
• Support information security awareness initiatives
• Able to prepare IT Security related reporting
• Maintain awareness of latest security threats and respond to security incidents.

Job Requirements & Criteria:

• At least 3 years of working experience on cyber security.
• Good understanding in public cloud platforms such as AWS or Azure.
• Good understanding of cybersecurity principles, networking concepts and operating systems.
• Experienced in using security tools and technologies for monitoring, detection, and prevention.
• Familiarity with cyber security framework and standards.
• Ability to work collaboratively in cross-functional teams.
• Excellent problem-solving and critical-thinking abilities.
• Strong communication and interpersonal skills.

Part A: Risk Management

i. Develop and maintain the Technology Risk Management Framework TRMF and Cyber Resilience Framework CRF via the following:

· Assist to develop risk mitigation strategies and formulate enhancements to the TRMF and CRF to maintain a framework that remains relevant in identifying and mitigating significant risks in the achievement of business objectives.

· Assess and regularly analyze IT risks, by evaluating the impact and likelihood of the identified IT risks and prioritise them via maintenance of IT risk registers.

· Develop and enforce disaster recovery and business continuity plans to address potential cybersecurity incidents.

ii. Perform analysis and risk assessment of proposed new products/ new IT vendors to ensure new initiatives/ vendor appointments commence in a manner that minimizes risk to the organization.

iii. Conduct assessment on the Company's compliance with relevant regulatory requirements and policies.

iv. Collaborate with cross-functional teams to integrate security measures into all aspects of the organization's infrastructure, and ensure compliance with industry regulations and internal policies.

v. Enforce risk evaluations of third-party IT outsourcing service providers (OSPs) and ensure appropriate due diligence is performed to identify, mitigate, and maintain ongoing awareness of risks to the Company resulting from IT OSPs.

vi. Provide guidance on the secure design, development, and deployment of new systems and applications.

Part B: Security Awareness

i. Enforce cyber hygiene training and ensure that the trainings are adequately conducted at relevant levels/ departmental functions.

ii. Analyze and assess relevance and impact of cyber threat alerts received, and prepare reports and recommend remedial/ mitigation measures where relevant.

iii. Stay up to date with the latest trends, technologies, and threats in the cybersecurity field.

iv. Recommend and implement security improvements, leveraging emerging technologies to strengthen the organization's security posture.

Part C: Incident Response and Crisis Management

i. Lead incident response efforts in case of a security breach or cyberattack, ensuring effective resolution and communication.

ii. Coordinate with cross-functional teams and third party service providers to provide timely and effective cyber incident responses.

iii. Post-incident, lead efforts to identify root causes, implement corrective actions, and prevent future occurrences.

REQUIREMENTS:

· Experience in performing IT audits and risk assessment assignments for at least 5 years.

· Experience developing, implementing, and reviewing security policies, risk assessments, and frameworks (ISO 27001, NIST, etc.)

· Hands-on work in incident response, vulnerability management, or Security Operations Centre SOC environments (a plus if they've led Incident Response IR playbooks).

· Experience dealing with audits and regulators (especially BNM, if local), understanding of RMiT, PCIDSS, or GDPR.

· Worked on or led ISO 27001 certification/maintenance.

· Familiarity with SIEM, endpoint protection, DLP, IDS/IPS, etc.

· Reviewed contracts and SLAs, managed vendor risk assessments.

· Participated in secure software development or secure system implementation projects.

· Excellent written English and interpersonal skills, a team player and communicator, and a self-starter.

· Bachelor's Degree (or equivalent) and above.

*Profession certification (such as CISSP, CISM, CISA, CEH or CompTIA Security+ or equivalent).

Position: Information Security Engineering Lead

Mode: Renewable contract

Key Responsibilities

• Acts as a team leader providing guidance to Security Engineering team and sets goals and assists the team in accomplishing those goals.

• Manage security architecture and provide consultancy to strengthen security design

• Coordinate with the team to manage security tools (IPS, SIEM, VA scan, DLP, AV, ATP)

• Coordinate with project manager to deliver security projects/initiatives and provide technical consultancy

• Coordinate with the vendor to perform maintenance and enhancement activities on security tools.

• Coordinate vulnerability/security posture assessment and track remediation for closure

• Coordinate with vendor to perform Penetration test and track the finding for closure

• Collate and provide evidence/submission requested by various party (risk management/auditor/regulator) to confirm the security policies, processes, guidelines, controls are followed/implemented accordingly

Requirements:

• A Bachelor's Degree in Computer Science, Engineering, Information Systems or its equivalent.

• Minimum 8-15 years of related working experience. Knowledge of IT security is essential. Industry certifications will be a plus e.g. CRISC, CISSP, CEH, CISM and CISA.

• Highly result oriented and can work independently. Must be a self-reliant team player who is comfortable with managing multiple tasks and responsibilities.

• Ability to build relationship and interact effectively with internal and external parties. Strong engagement skills with stakeholder i.e. business and technology, will be a plus.

• Good analytical, technical, written and verbal communication skills.

• Ability to exercise discretion and independent judgment in applying established techniques, procedures or standards

Technical expertise in one or more of the following

o Network Concepts and Security, Encryption/Authentication fundamentals, Access Management, Application Security, Platform (Windows. UNIX/Linux) Security, Database Security

o Hands-on experience in various security tools (e.g. SIEM, IPS, Firewall, Vulnerability scanner tools, APT , XDR , NDR and forensic tools)

Familiar with security standards and best practice; regulatory requirement such as BNM RMIT, MAS, Paynet, PCI-DSS; Architecture and security of operating system.

Entity:
Technology

Job Family Group:
IT&S Group

Job Description:
To enable the world to reach net zero, bp are looking for the brightest digital specialists to drive innovation as it transitions from an International Oil Company (IOC) to an International Energy Company (IEC).

Are you passionate about protecting what matters most? We're seeking someone who is passionate about identifying and implementing security solutions that make bp a cyber resilient organisation Our Business Information Security team partners with the business to help them understand cyber risk and be accountable for cyber security.

We're looking for curious minds who are driven by opportunities to build value and deliver secure products and services to advance bp's strategy.

Let me tell you about the role

In the digital era, where data breaches and cyber threats are not just possibilities but realities, the role of a Global Information Security Specialist has never been more critical. Working closely with bp's business areas, you will support the protection of IT systems and business data that are important to bp's operations.

You will conduct security assessments, respond to security queries, and provide security expertise. Your expertise will help ensure that business teams can operate with confidence, knowing their systems and processes are secure.

Ready to make a real impact in energy security? Join us in safeguarding the people, processes and systems that power our transition to net zero

What you will deliver

In this role you will deliver security activities to support bp's business. This role focuses on hands-on security assessment and advisory activities with the following key accountabilities:

• Security Assessments: We need someone that can conduct comprehensive assessments of systems, identifying risks and issues while recommending appropriate remediation measures.
• Technical & Non-Technical Risk Advisory: You'll assess and communicate cybersecurity risks. We want our customers to understand potential impacts and mitigation strategies clearly.
• Cyber Behaviour Promotion: We strive to build a strong cyber security culture. You'll assist with the development and promoting good cyber behaviours in day-to-day operations.
• Incident Management Support: When security incidents happen, we need you to provide specialist security expertise. You'll support incident response activities and improvement recommendations.
• Customer Support: We want you to act as the go-to point of contact for information security. You'll provide timely and accurate expertise on security matters affecting their systems or data.
• Assess and Evaluate: You'll perform regular security assessments of business systems. We use established methodologies to identify potential risks, weaknesses and security gaps.
• Respond and Advise: We require someone who can offer our customers practical and tailored cyber security solutions. These solutions must align with operational requirements.
• Analyze and Report: You'll evaluate risks and prepare clear, actionable recommendations, and communicate these with both business and technical audiences.
• Support and Collaborate: We work closely with business teams to implement security measures. You'll help maintain robust security posture while aligning with operational needs.
• Promote and Educate: We nurture positive cyber security behaviours You'll work through targeted awareness activities, training support, and expert guidance.
• Monitor and Review: We want someone who understands the security landscape affecting bp systems and stay ahead of emerging threats and industry standard methodologies.

What you will need to be successful (experience and qualifications)

• Bachelor's degree or equivalent experience in Information or Cyber Security, Computer Science, Engineering.
• Working towards professional certifications such as Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), or CompTIA Security+.
• Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework.
• Previous track record in information security roles in Finance, HR, Trading, Retail, Supply or Oil and Gas companies.
• Ability to explain security concepts to a variety of audiences.
• Solid grasp of cyber risk assessment methodologies and the ability to translate technical findings into business impact assessments.
• Attention to detail and ability to work independently while balancing multiple activities.
• Ability to adapt security recommendations to different operating environments.
• Ability to use technology, data, and insights to enable decision making.

About Bp
Bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people's lives. We are committed to creating a diverse and inclusive environment where everyone can grow and succeed. Join bp and become part of the team building our future

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement
No travel is expected with this role

Relocation Assistance:
This role is not eligible for relocation

Remote Type:
This position is a hybrid of office/remote working

Skills:
Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp's recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

Job Description: Information Security Internship

1. Design and develop posters for cyber & physical security awareness
2. Develop short video clips on cybersecurity
3. Neaten information security & technology risk management documentation
4. Collect and collate information for security risk assessment
5. Assist in preparing presentation slides for reporting purposes
6. Perform information security office administration tasks

DUG is looking for an Information Security Officer to join our global team. In this role, you'll take ownership of our cybersecurity posture, shaping policies, monitoring for threats, and implementing best practices to protect our data, systems, and users.
We operate primarily in a Linux-based environment, so a strong foundation in Linux security is essential.

You will work closely with our IT, software, and HPC teams to ensure security is integrated into every layer of our operations.

You will also facilitate communication between cyber security and business stakeholders. This includes translating cyber security concepts and language into business concepts as well as ensuring that business teams consult with cyber security teams to determine appropriate security measures when planning new business projects. Additionally, you will be responsible for the development of the strategic-level cyber security program, being best placed to advise projects on the strategic direction of cyber security.

If you're a security-minded professional who loves staying ahead of cyber threats, designing secure systems, and creating awareness across an organisation, we want to hear from you.

List of Responsibilities:

• Ongoing leadership and review of IT security. Ensure the alignment of cyber security and business objectives within DUG.
• Implementing and designing cyber security policies, procedures and system solutions in line with industry standards and certifications
• Take ownership of ISO 27001 implementation, compliance, and continual improvement
• Operate, conduct, and maintain DUG's SIEM platform (Wazuh) and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures
• Own and manage the patching and vulnerability scanning process, including the use of tools such as OpenVAS or Nessus (preferred)
• Serve as the DUG point person for third-party security audit(s)
• Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams
• Work with DUG HPC Cloud customers and DUG teams on security integration
• Provide strategic-level guidance for DUG's cyber security program and ensure compliance with cyber security policy, standards, regulations and legislation, working with the senior executives within DUG
• Contribute to the development and maintenance of DUG's business continuity and disaster recovery plans, with the aim to improve business resilience and ensure the continued operation of critical business processes
• Report on the DUG's security risk profile, the status of key systems and any outstanding security risks, any planned cyber security uplift activities, any recent cyber security incidents, and expected returns on cyber security investments
• Oversee DUG's response to cyber security incidents, including how internal teams respond and communicate with each other during an incident
• Ensure that a consistent vendor management process is applied across their organisation, from discovery through to ongoing management

Job Requirements:

• Minimum of 10 years of experience in Information Systems and/or Security Management roles
• Solid understanding of information security principles and frameworks such as ISO 27001, NIST, and industry best practices
• Strong hands-on experience securing Linux-based systems and environments
• Familiarity with threat detection, vulnerability management, and incident response
• Proficient knowledge of firewalls, intrusion detection/prevention systems, and endpoint protection tools
• Proven ability to develop, implement, and enforce effective security policies and procedures
• Excellent communication skills, including the ability to lead and deliver security training and awareness programs

The following experience is desirable, but not mandatory:

• Experience with CI/CD pipelines, Terraform, DevSecOps, and Kubernetes
• Familiarity with Palo Alto or other Next-Generation Firewalls (NGFWs)

DISCLAIMER

The offer is subjected to pre-employment screenings that may include, but are not limited to:

• Verification of your right to work in the respective location
• Provision of applicable and relevant qualifications
• Nationally approved criminal history check

The Cyber Security Manager will support VF's Global Cyber Security Team by ensuring that information security risks associated with complex business operations are within acceptable tolerances.

You will perform information security risk assessments, provide direction and guidance to stakeholders concerning the handling of security risks associated with assessment findings, assist with the design of appropriate risk mitigation strategies, and serve as an audit quality assurance gate for internal and external auditors while driving compliance and audit work related to data privacy.

How You Will Make a Difference
You will achieve this by:

• Collaborating with information technology and other business units to identify cybersecurity risks associated with current and planned projects.
• Performing assessments of external party information security controls to ensure they meet or exceed VF's information security risk management requirements for the services to be provided.
• Determining information security risk profiles for various vendor and business partner services using questionnaires, relevant industry best practices and standards, and knowledge of VF policies.
• Recommending solutions to eliminate, reduce, or mitigate cybersecurity risk, and communicate said solutions to external parties and/or internal business stakeholders as appropriate.
• Providing direction and guidance as needed to internal project stakeholders concerning statutory, regulatory, and VF policy requirements.
• Reporting status of engagements to Global Cyber Security management, project managers, and other business stakeholders as appropriate.
• Assisting in enforcing information security policies, standards, and procedures. Review requests for exceptions to security policies and provide recommendations to management.
• Serving as a focal point for MLPS and provide advisory around MLPS and other APAC data privacy laws related controls and processes.
• Acting as focal point for Regional PCI-DSS assessments, vulnerability assessments and other security operations.
• Researching and advocate new technologies, architectures, and products that will support security requirements for the enterprise and its customers, business partners, and vendors.
• Performing other information security risk management tasks as assigned.

Skills For Success
A formal education and subsequent University Bachelor or Master's degree in information systems, computer science, or related field are preferred, but we are most interested in your total experience and professional achievements. That's why:

• You rely on 5+ years of information security risk management, IT audit, and/or IT controls design and implementation experience.
• You possess a Certified Information Systems Security Professional (CISSP) certification, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar credentials.
• You are familiar with industry best practises related to security and data privacy in Cloud environments.
• You have functional understanding of industry frameworks, regulations, legislation, and audit methodologies, including SOC 1, SOC 2, ISO 27001, SIG, NIST Cybersecurity Framework, Sarbanes-Oxley (SOX), PCI-DSS, MLPS and various other privacy laws.
• You are apt to broker complex discussions to achieve the proper balance between business needs and cybersecurity best practices.
• You possess the ability to influence others through persuasion to arrive at desired outcomes.
• You communicate effectively with a broad range of people and roles, including vendors, information technology professionals, and other business personnel.
• You desire to seize the initiative, operate proactively, and work in a highly independent manner.
• You are fluent in English and Mandarin, any other Asian languages are a plus.

R