702 Director Of Security jobs in Malaysia

Associate Director, Application Security

The incumbent will be managing 9 team members under Singapore Technology Centre and responsible for defining and overseeing the organization’s application security architecture, ensuring alignment with target architectures and modern development practices.

• Strategic Oversight of Security Architecture
  • Define, design, and implement the target application security architecture in line with organizational goals and industry/regulatory standards.
  • Establish a comprehensive application security strategy, ensuring seamless integration into enterprise architecture and technology roadmaps.
  • Conduct architectural reviews to identify risks and recommend mitigation strategies, focusing on secure and scalable solutions.
  • Lead the integration of security controls into CI/CD pipelines, ensuring automated detection and remediation of vulnerabilities.
• Secure Software Development Lifecycle (SDLC)
  • Develop and enforce secure development guidelines, ensuring security is incorporated at every stage of the SDLC.
  • Provide leadership in threat modelling, secure coding practices, and software code quality management across development teams.
  • Work with application teams to prioritize security requirements, balancing business objectives with technical risks.
• Vulnerability Management and Mitigation
  • Oversee the overall strategy for SAST, DAST, to identifying and remediating vulnerabilities.
  • Ensure timely resolution of identified issues, coordinating efforts across development, QA, and DevOps teams.
  • Maintain and communicate detailed metrics and dashboards on the security posture of applications and pipelines.
• Cross-Functional Collaboration
  • Partner with application teams to align security architecture with business needs and project timelines.
  • Act as the primary liaison between technical teams and executive leadership, effectively conveying security risks and architectural priorities.

• Bachelor’s degree in computer science, Information Security, or a related field. A Master’s degree is desired.
• Relevant certifications such as CISSP, CSSLP, CEH, OSCP or CREST

• At least 15 years of experience in cybersecurity, with a focus on application security, security architecture, and secure development practices.
• Proven expertise in designing and implementing security controls within CI/CD pipelines in Agile and DevOps environments.
• Demonstrated success in defining and overseeing secure application architectures for cloud-native and hybrid environments.
• Deep understanding of secure software development lifecycle (SDLC) methodologies and best practices.
• A team-player with systematic problem-solving approach and have sense of ownership and drive.
• Must have strong people skill to lead a team effectively and demonstrable experience of working at the most senior levels of large and complex organizations.
• Excellent interpersonal skills and stakeholders' management.
• Always have customer in mind when dealing with any situations/projects/deliverables.
• Interprets customer needs, assesses requirements and identifies solutions to non-standard requests.
• Able to negotiate with, influence and engage others in complex and conflicting situations across multiple parties to drive a positive outcome.
• Good communication skills and the communication network of the incumbent is expected to be internally within the enterprise (80%) and external with Vendors and Service Providers (20%).

*Applicants must be willing to adhere to Singapore Public Holiday schedule.

Strategic Oversight of Security Architecture

• Define, design, and implement the target application security architecture in line with organizational goals and industry/regulatory standards.
• Establish a comprehensive application security strategy, ensuring seamless integration into enterprise architecture and technology roadmaps.
• Conduct architectural reviews to identify risks and recommend mitigation strategies, focusing on secure and scalable solutions.

CI/CD Pipeline Security

• Lead the integration of security controls into CI/CD pipelines, ensuring automated detection and remediation of vulnerabilities.

Secure Software Development Lifecycle (SDLC)

• Develop and enforce secure development guidelines, ensuring security is incorporated at every stage of the SDLC.
• Provide leadership in threat modelling, secure coding practices, and software code quality management across development teams.
• Work with application teams to prioritize security requirements, balancing business objectives with technical risks.

Vulnerability Management and Mitigation

• Oversee the overall strategy for SAST, DAST, to identifying and remediating vulnerabilities.
• Ensure timely resolution of identified issues, coordinating efforts across development, QA, and DevOps teams.
• Maintain and communicate detailed metrics and dashboards on the security posture of applications and pipelines.

Cross-Functional Collaboration

• Partner with application teams to align security architecture with business needs and project timelines.
• Act as the primary liaison between technical teams and executive leadership, effectively conveying security risks and architectural priorities.

Education and Certifications:

• Bachelor's degree in computer science, Information Security, or a related field. A Master's degree is desired.
• Relevant certifications such as CISSP, CSSLP, CEH, OSCP or CREST

Professional Experience:

• At least 15 years of experience in cybersecurity, with a focus on application security, security architecture, and secure development practices.
• Proven expertise in designing and implementing security controls within CI/CD pipelines in Agile and DevOps environments.
• Demonstrated success in defining and overseeing secure application architectures for cloud-native and hybrid environments.
• Deep understanding of secure software development lifecycle (SDLC) methodologies and best practices.
• A team-player with systematic problem-solving approach and have sense of ownership and drive.
• Must have strong people skill to lead a team effectively and demonstrable experience of working at the most senior levels of large and complex organizations.
• Excellent interpersonal skills and stakeholders' management.
• Always have customer in mind when dealing with any situations/projects/deliverables.
• Interprets customer needs, assesses requirements and identifies solutions to non-standard requests.
• Able to negotiate with, influence and engage others in complex and conflicting situations across multiple parties to drive a positive outcome.
• Good communication skills and the communication network of the incumbent is expected to be internally within the enterprise (80%) and external with Vendors and Service Providers (20%).

1.    Strategic Oversight of Security Architecture

·    Define, design, and implement the target application security architecture in line with organizational goals and industry/regulatory standards.

·    Establish a comprehensive application security strategy, ensuring seamless integration into enterprise architecture and technology roadmaps.

·    Conduct architectural reviews to identify risks and recommend mitigation strategies, focusing on secure and scalable solutions.

2.    CI/CD Pipeline Security

·    Lead the integration of security controls into CI/CD pipelines, ensuring automated detection and remediation of vulnerabilities.

3.    Secure Software Development Lifecycle (SDLC)

·    Develop and enforce secure development guidelines, ensuring security is incorporated at every stage of the SDLC.

·    Provide leadership in threat modelling, secure coding practices, and software code quality management across development teams.

·    Work with application teams to prioritize security requirements, balancing business objectives with technical risks.

4.    Vulnerability Management and Mitigation

·    Oversee the overall strategy for SAST, DAST, to identifying and remediating vulnerabilities.

·    Ensure timely resolution of identified issues, coordinating efforts across development, QA, and DevOps teams.

·    Maintain and communicate detailed metrics and dashboards on the security posture of applications and pipelines.

5.    Cross-Functional Collaboration

·    Partner with application teams to align security architecture with business needs and project timelines.

·    Act as the primary liaison between technical teams and executive leadership, effectively conveying security risks and architectural priorities.

Education and Certifications:

• Bachelor's degree in computer science, Information Security, or a related field. A Master's degree is desired.
• Relevant certifications such as CISSP, CSSLP, CEH, OSCP or CREST

Professional Experience:

• At least 15 years of experience in cybersecurity, with a focus on application security, security architecture, and secure development practices.
• Proven expertise in designing and implementing security controls within CI/CD pipelines in Agile and DevOps environments.
• Demonstrated success in defining and overseeing secure application architectures for cloud-native and hybrid environments.
• Deep understanding of secure software development lifecycle (SDLC) methodologies and best practices.
• A team-player with systematic problem-solving approach and have sense of ownership and drive.
• Must have strong people skill to lead a team effectively and demonstrable experience of working at the most senior levels of large and complex organizations.
• Excellent interpersonal skills and stakeholders management.
• Always have customer in mind when dealing with any situations/projects/deliverables.
• Interprets customer needs, assesses requirements and identifies solutions to non-standard requests.
• Able to negotiate with, influence and engage others in complex and conflicting situations across multiple parties to drive a positive outcome.
• Good communication skills and the communication network of the incumbent is expected to be internally within the enterprise (80%) and external with Vendors and Service Providers (20%).

Job Description
Purpose
To Man The Security Control Room To Ensure Security Compliance As Per The Defined IDEMIA Physical Security Implementation Policies And Guidelines Not Limited To The Following

• Visitor Registration
• Maintaining and monitoring of security equipment to ensure in good working condition for the security enforcement within the High Security Area and areas around it.
• Perform routine testing on all installed security equipment to ensure the equipment still working as expected. Any discrepancies need to be immediately attended and escalated to the next level for intervention.
• Ensure all activities carry out within the High Security Area are monitored and captured via CCTV and around the service center premises. Any security non-compliance activity observe must be escalated to the Security Manager
• Responsible to update and upload monthly physical security KPIs
• Attending to all security tasks required to be complete routinely such as daily, weekly, monthly, quarterly, semi-annual and annual task.
• To ensure all required forms and movement logs are duly signed and completed. Weekly card access reports need to be reviewed for exception and submitted promptly to Security Manager for review.

Follow-up with vendors promptly for security equipment failure that requires fixes and routine maintenance. This includes following up to obtain quotation, raising Purchase Requisition and forwarding Purchasing Order

Key Missions

L1 SOC monitoring (24x7 shift basis)

• L1 SOC monitoring of security alerts 24x7 utilising SIEM, EDR tools, and intrusion detection systems (IDS/IPS)
• Analyse logs, network traffic, end point data or other source logs to identify suspicious activity or indicators of compromise (IoCs).
• Triage and prioritize alerts based on severity, impact, and organizational risk, and perform required escalations and mitigations

Incident response

• Perform containment and mitigation actions for incidents. Escalate confirmed or high-risk incidents to L2/L3 analysts or incident response teams.
• Collate required information to complete incident documentation and report if necessary.

Governance

• To support the Security GRC team during regulatory inspection, external audit, customer queries, security certificate programs, and internal audit projects to ensure compliance with regulations and customer requirements.
• Perform due diligence to assess the information security posture of our third parties
• Support in any on-site assessments of our third party / outsourced parties

Vulnerability & threat intelligence:

• Stay updated on emerging threats through threat intelligence

Requirement:

• Bachelor's degree in Computer Science, IT, Software Engineering, or equivalent is required
• Any security certifcations Security+, CySA+, CEH, GIAC GSEC, GIAC GCDA, GIAC GDAT, CISA, CISM, CISSP will be a plus
• Good understanding of network security, operating systems, SQL programming
• 1-5 years of relevant security monitoring/SOC experience
• Having experience in handling governance, risk, compliance work will be a plus

Job Summary

Responsible for supporting the Head of Department in the daily operations of NSMD. This role involves planning and managing various matters to strengthen network security, resilience, and reliability. The incumbent will also be responsible for operationalizing strategic initiatives that safeguard the nation's digital assets, protect consumer interests, and align with the National Policy Objectives outlined in CMA98.

Key Accountabilities / Responsibilities

1) Strategic Policy and Regulatory Framework Development:

• Manage the operational aspect of the regulatory frameworks on information and network security, aligning with the national policy objectives of the CMA98, the Malaysia Cyber Security Strategy, and other relevant national policies and directives, including the development of the relevant regulatory tools and frameworks.

2) Security Assessments and Compliance:

• Implement initiatives to promote compliance among industry players including operationalizing the implementation of security assessments on the industry and Malaysia's Critical National Information Infrastructure (CNII) to maintain continuous security preparedness.

3) Strategic Monitoring and Threat Management:

• Plan and implement strategic monitoring to identify security threats entering and within Malaysia's network environment, ensuring situational awareness including managing the issuance of industry and public advisories addressing new and arising threats to network security. Serve as the designated sector lead for the C&M sector under Malaysia's national security framework.

4) Strategic Project Management:

• Plan and implement strategic projects in the areas of information and network security, including related stakeholder management, to ensure smooth project delivery.

5) International/National Collaborations:

• Collaborate with local and international law enforcement agencies, service providers, vendors, and other relevant parties to address and mitigate cyber-dependent crimes, and cyber-enabled crimes and to promote cooperation, information exchange, standards development, and collective security.

6) Network Security Expert Services:

• Manage the fulfilment of network security expert services to internal and external stakeholders in security incidents management, ensuring the security and resiliency of networks and systems.

7) Technology Risks:

• Track the evolution and emergence of new technologies and risks (such as AI & machine learning, quantum computing, etc.) to manage the associated security risks arising from these technologies.

8) Capacity Development:

• Plan and implement capacity development programs to address gaps within the department and the C&M industry in the area of information and network security.

9) Financial Management:

• Plan, monitor, and control the financial budget and costs to ensure effective and efficient utilization and management of funds.

10) Performance Management:

• Monitor compliance with established department procedures to ensure accountability and effective performance management.

Ideal Candidate Requirements

Education & Qualifications

• Minimum Bachelor's Degree in Computer Science, Computer Networking, Information Technology or other related disciplines with a minimum CGPA of 3.00 from a reputable University/College.

Experience

• A minimum of 8-10 years of working experience in regulatory and/or information and cyber security domains would be an added advantage.

• A sound understanding of risk identification and management is an added advantage.

• Problem-solving skills and out-of-the-box thinking.

• Multi-task, work independently, and work under pressure with minimum supervision.

Technical & Functional Skills

• IT / Information Security

• Risk Identification and Management

• Project Conceptualization & Management

• Incident Management

• Strategic Communications

• Public and Government relations

• Performance Management

• Business Process Management

• Governance and Auditing

Leadership & Interpersonal Skills

• Integrity

• Strategic Thinking

• Customer orientation

• Achievement Orientation

• Problem Solving

• Analytical Thinking

• Negotiation Skills

• Stakeholder Management

• Communications and Presentation Skills

• Writing skills (BM & English)

Job Type: Permanent

Pay: RM6, RM8,000.00 per month

Benefits:

• Professional development

Work Location: In person

Job Summary

Responsible for developing innovative solutions for security and operational challenges, supervising and mentoring junior staff, researching emerging threats, and building stakeholder relationships. They drive initiatives to enhance the security and reliability of network infrastructure, solve technical challenges, design scalable systems, maintain documentation, ensure quality, focus on user-centric solutions, and contribute to strategic technological planning.

Key Accountabilities / Responsibilities

• Planned, developed, and implemented innovative solutions and initiatives to enhance network infrastructure and services' security, resiliency, and reliability, including critical network information infrastructure.

• Planned, supervised, and deployed the development of security tools and artificial intelligence systems and benchmarked emerging security technologies to strengthen the overall security posture of organizations and stakeholders.

• Project lead on process automation initiatives to enhance operations and service delivery within the division, sector, organization, and among external stakeholders.

• Study, identify, and evaluate emerging security threats and risks and develop effective mitigation strategies, tools, and systems to manage those threats and risks.

• Project lead on implementing vulnerability assessment and penetration tests on communications & digital products, services, systems, and organizations to identify security vulnerabilities and pursue corrective action to address them.

• Team lead for threat-intelligence gathering and horizon–scanning activities to increase situational awareness and preparedness for rising security threats and risks.

• Undertake strategic and tactical R&D activities to explore new technologies and techniques to enhance MCMC and the industry's capabilities while reducing overdependency on vendor-supplied network/cyber security solutions.

• Establish research partnerships with academia to enhance capabilities, processes, tools, and systems.

• Collaborate with other departments, technical agencies, law enforcement agencies, service providers, vendors, and other relevant parties on mitigating cyber-dependent crimes, cyber-enabled crimes, and the misuse of telecommunications services.

• Recommend capacity and expertise gaps within the department and enhance the necessary skillsets through comprehensive training and capacity building.

• A budget representative for the financial budget and costs to ensure effective and efficient utilization and management of funds.

• Provide coaching, guidance, and mentoring to junior department staff to motivate them to fulfil their self-actualization.

Ideal Candidate Requirements

Education & Qualifications

• Minimum Bachelor's Degree in Computer Science, Cybersecurity, Network Security, Programming or relevant discipline from a reputable University/College.

Experience

• A minimum of 5 - 8 years of working experience in computer science, cyber security, or a related field and experience in developing systems and tools.

• Proven experience in a senior technical role within network security or related field.

• Expertise in scalable system design and development.

• Problem-solving skills and out-of-the-box thinking.

• Multi-task, work independently, and work under pressure with minimum supervision.

Technical & Functional Skills

• Experienced in the publication of papers.

• Strong Network security skills.

• Research and development skills.

• Excellent in writing and communication skills in English and BM

Leadership & Interpersonal Skills

• Excellent verbal and written communication skills.

• Analytical thinking and problem-solving skills.

• Ability to multitask.

• Project management skills

Job Type: Permanent

Pay: RM6, RM8,000.00 per month

Benefits:

• Professional development

Work Location: In person

Company Description

At NEXTDC we are building the heart of Australia & Asia’s high-tech future. We design, build and operate world class, next generation data centres, using cutting edge, environmentally efficient infrastructure to service the specific requirements of local, international hyperscale customers. We are establishing a new data centre in PJ, meeting the current and future digital needs of Malaysia by accelerating job skills, direct investment and economic prosperity. At NEXTDC, we know that our success depends on the talents of our people, and we foster a culture of continued learning and development. Our culture is built on collaboration and innovation, we are passionate about what we do, and we are committed to our mission to be the leading customer-centric data centre services company. Where Cloud lives and AI thrives.

Job Description

As Security Team Manager for the KL region, you will drive team performance and ensure strong customer outcomes. You will protect NEXTDC’s people, assets and information, along with those of our customers, from threats including physical assault, espionage, terrorism and theft.

Working with Facility Management, you will manage day to day security operations across our data centres, ensuring alignment with policies and procedures. You will act as the key escalation point for security matters and help embed a customer first mindset across the team. This role plays a vital part in building a culture where security is integrated into everyday decisions and actions.

About the role:

Customer Focus

• Ensure all customer interactions are timely, courteous and professional
• Support VIP and large-scale customer events
• Provide clear advice and communication on security service requests and incidents
• Take ownership of complex security issues and escalations, driving prompt resolution
• Maintain deep understanding of customer requirements and contracts
• Collaborate with teams to ensure readiness for new customer onboarding
• Develop strong knowledge of NEXTDC services, products, operations and incident management

People Management

• Lead, support and mentor security team members within the region
• Manage Security Team Leaders including regular one-on-ones, feedback and performance
• Support staff development and organise training as needed
• Assist with rostering, shift coverage and leave management
• Oversee recruitment including interviews and hiring decisions
• Act as escalation point for team issues ensuring service continuity

Delivery Partnerships

• Manage delivery partners for personnel provision and service quality
• Conduct interviews and make staffing decisions with partners
• Resolve service delivery issues quickly to maintain continuity
• Foster strong communication and collaboration with partners

Collaboration & Innovation

• Work across teams to enhance customer experience and improve processes
• Support Crisis Management and Disaster Recovery plans
• Assist with critical infrastructure escalations
• Challenge and improve systems and procedures

Financial Management

• Manage budget and rostering to control costs and avoid overtime overspend
• Process and validate invoices promptly
• Ensure compliance with financial policies and maintain accurate records

Audit, Compliance & Reporting

• Participate in internal and customer audits
• Maintain accurate security data and reports
• Provide regular security incident and operational reports
• Coordinate with Customer Solutions and Service teams to ensure smooth operations

General Duties

• Provide regular updates to Head of Security
• Oversee security equipment deployment and maintenance
• Complete administrative and time tracking tasks promptly
• Respond quickly to internal requests and provide feedback on procedures

About you:

• Strong communication and leadership skills
• Proven ability to build relationships and manage security operations
• Effective problem solver with negotiation and supplier management experience
• Independent, organised and detail focused
• Excellent time management and multitasking abilities
• Experienced in managing VIP events and security training
• Proficient in MS Office

Qualifications

• Over 10 years managing corporate, physical and information security for Malaysian and international organisations with 200+ employees
• In-depth knowledge of ISO27001, PCI, SOC and related international standards
• Strong understanding of Malaysian workplace health and safety requirements
• Expertise in modern security technologies including CCTV, alarms, and human, parcel and vehicle scanners
• Experience managing large scale events and VIP visits
• Class 2(s) Security Licence (desirable)
• First Aid and CPR certification
• Chief Warden or Warden training

Additional Information

• Opportunity to deliver landmark infrastructure projects shaping Australia’s digital economy.
• A values driven culture built on innovation, collaboration and growth.
• Inclusive, diverse and values-driven working culture
• Great opportunities to progress within our company (grow as we grow)

Our mission is to continue building a diverse and inclusive workforce which represents the communities in which we operate.

Make NEXTDC your next move.

Note: This description has been refined for formatting and clarity; content remains as in the original.