172 Information Governance jobs in Malaysia

Information Technology Governance Manager

Information Technology Governance Manager

Direct message the job poster from Cognizant APAC Talent Acquisition Lead at Cognizant

The IT Governance Manager will be responsible for developing and implementing policies and procedures that ensure the effective and efficient use of IT in enabling our organization to achieve its goals. He/She will also oversee the IT governance framework, ensuring that all IT activities comply with regulatory requirements and best practices. Key responsibilities for this role include: - Developing and implementing IT governance frameworks and policies - Ensuring compliance with regulatory requirements and best practices - Monitoring and reporting on IT performance and compliance - Collaborating with other departments to ensure alignment with business objectives - Providing guidance and support for IT-related decision-making The ideal candidate should have a strong background in IT governance, risk management, and compliance, with excellent communication and leadership skills. They should also have a deep understanding of IT processes and best practices, as well as experience in managing IT projects and initiatives. Seniority level

Seniority level Mid-Senior level Employment type

Employment type Full-time Job function

Job function Information Technology Industries IT Services and IT Consulting Referrals increase your chances of interviewing at Cognizant by 2x Sign in to set job alerts for “Information Technology Governance Manager” roles.

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 5 days ago WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 day ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago Information Technology Governance Manager

Federal Territory of Kuala Lumpur, Malaysia 1 week ago Information Technology Governance Manager

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 day ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 23 hours ago Kuala Lumpur City, Federal Territory of Kuala Lumpur, Malaysia 5 days ago IT Specialist, Operations and Infrastructure (MY)

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago Petaling Jaya, Selangor, Malaysia 6 days ago WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago Application Specialist, Technology & Operations

Manager, Internal Audit - IT/Technical & Network

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 year ago Petaling Jaya, Selangor, Malaysia 18 hours ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 day ago Technology Consulting - Information Technology Business Analyst, Manager/ Senior Manager

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 5 days ago Petaling Jaya, Selangor, Malaysia 5 months ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago Petaling Jaya, Selangor, Malaysia 1 day ago Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago IT Security Project Manager I IT Security, MSS, Group Technology & Digital

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 days ago We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

Senior/Junior Information Security Consultant (Governance, Risk and Compliance) Location: Malaysia

Job Summary and Mission

This position contributes to the success of wizlynx group by performing the following:

• Responsible for development and operational activities across the entire scope of our clients' Security Governance, Risk and Compliance programs.
• The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in our clients' computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients' IT management.
• Serve as the primary contact point for issue escalation.
• Manage service support requirements and ensure that quality plan, KPIs/SLAs are met.
• Draft support SOP and documentation.
• Models and acts in accordance with wizlynx group guiding principles.

With this position, you will also have the opportunity to get introduced to different areas of information and cyber security such as Offensive Security & Penetration Testing.

Summary of Key Responsibilities

• Leads IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements.
• Works with our clients' IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry.
• Develops Vendor Risk Management policies and supports client’s risk profile assessment for vendor onboarding process and conducts annual review of critical vendors.
• Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews.
• Effectively reports and communicates testing results to client’s IT management for corrective action, where required.
• Conducts information security awareness training.
• Performs evidence collection and project management assistance of our clients' annual compliance (e.g. CREST, PCI DSS) certification program.
• Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place.
• Assist our clients with drafting and maintaining information security policies.
• Provides mentoring for other team members.
• Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services.
• Facilitates the performance and testing of our client’s annual disaster recovery tests and business continuity plans.

Summary of Ideal Experience, Skills, Knowledge, and Abilities

Ideal Experience

a) Senior GRC role:

A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred.

b) Junior GRC role:
One to two years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred.

• Strong understanding of and ability to provide security configuration and testing of networking and operating systems including TCP/IP, WAN/LAN routing, VLAN architecture, and a wide array of large-scale environments including various major web application servers.
• Strong understanding of information security principles such as ISO 27001, BNM GPIS, MAS TRM PCI-DSS, PDPA, and other regulatory compliance.

Language Skills

• Fluent technical English (speech and writing).
• Ability to communicate clearly and concisely, both orally and in writing, in local language.

Soft Skills

• Excellent team leadership, team-oriented and team player who takes ownership.
• Flexible attitude, reliable, action-oriented.
• Customer-friendly approach and appearance.
• Willingness to travel.
• Innovative to push new ideas, dynamic and forward-looking with clear management principles towards the team.
• Able to work independently, critical thinking and be able to communicate effectively with the support team and customers.
• Enjoys working in a global team with different cultures.

Technical Skills and Abilities

• Microsoft OS and Office knowledge.
• Technical document writing.
• Experience in Project Management in IT.
• Knowledge in perimeter firewall infrastructure and VPN remote access.

Summary of Education

• Bachelor's degree from an accredited college/university in an appropriate field.

Certifications / Training

• CISM, CISA, CRISC, CISSP certified.

KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS

• Achieve agreed targets/SLA/KPI in terms of quality, time and cost.
• Lead team members to achieve team/organizational goals.
• Improve and retain high customer satisfaction.

POTENTIAL CAREER DEVELOPMENT

• Advance to higher business development tiers or geographic reach.

APPLY NOW

Your Full Name

Your Email

Upload Resume

Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.

#J-18808-Ljbffr

Senior/Junior Information Security Consultant (Governance, Risk and Compliance)

Location: Malaysia

Job Summary and Mission This position contributes to the success of wizlynx group by performing the following: Responsible for development and operational activities across the entire scope of our clients' Security Governance, Risk and Compliance programs. The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in our clients' computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients' IT management. Serve as the primary contact point for issue escalation. Manage service support requirements and ensure that quality plan, KPIs/SLAs are met. Draft support SOP and documentation. Models and acts in accordance with wizlynx group guiding principles. With this position, you will also have the opportunity to get introduced to different areas of information and cyber security such as Offensive Security & Penetration Testing. Summary of Key Responsibilities Leads IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements. Works with our clients' IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry. Develops Vendor Risk Management policies and supports client’s risk profile assessment for vendor onboarding process and conducts annual review of critical vendors. Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews. Effectively reports and communicates testing results to client’s IT management for corrective action, where required. Conducts information security awareness training. Performs evidence collection and project management assistance of our clients' annual compliance (e.g. CREST, PCI DSS) certification program. Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place. Assist our clients with drafting and maintaining information security policies. Provides mentoring for other team members. Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services. Facilitates the performance and testing of our client’s annual disaster recovery tests and business continuity plans. Summary of Ideal Experience, Skills, Knowledge, and Abilities Ideal Experience a) Senior GRC role: A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred. b) Junior GRC role: One to two years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred. Strong understanding of and ability to provide security configuration and testing of networking and operating systems including TCP/IP, WAN/LAN routing, VLAN architecture, and a wide array of large-scale environments including various major web application servers. Strong understanding of information security principles such as ISO 27001, BNM GPIS, MAS TRM PCI-DSS, PDPA, and other regulatory compliance. Language Skills Fluent technical English (speech and writing). Ability to communicate clearly and concisely, both orally and in writing, in local language. Soft Skills Excellent team leadership, team-oriented and team player who takes ownership. Flexible attitude, reliable, action-oriented. Customer-friendly approach and appearance. Willingness to travel. Innovative to push new ideas, dynamic and forward-looking with clear management principles towards the team. Able to work independently, critical thinking and be able to communicate effectively with the support team and customers. Enjoys working in a global team with different cultures. Technical Skills and Abilities Microsoft OS and Office knowledge. Technical document writing. Experience in Project Management in IT. Knowledge in perimeter firewall infrastructure and VPN remote access. Summary of Education Bachelor's degree from an accredited college/university in an appropriate field. Certifications / Training CISM, CISA, CRISC, CISSP certified. KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS Achieve agreed targets/SLA/KPI in terms of quality, time and cost. Lead team members to achieve team/organizational goals. Improve and retain high customer satisfaction. POTENTIAL CAREER DEVELOPMENT Advance to higher business development tiers or geographic reach. APPLY NOW

Your Full Name Your Email Upload Resume Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.

#J-18808-Ljbffr

Manager, Information Security page is loadedManager, Information Security Apply locations ASIA > MYS > Kuala Lumpur > KL Office time type Full time posted on Posted 30+ Days Ago job requisition id R-20250221-0002

The Cyber Security Manager will support VF’s Global Cyber Security Team by ensuring that information security risks associated with complex business operations are within acceptable tolerances.

You will perform information security risk assessments, provide direction and guidance to stakeholders concerning the handling of security risks associated with assessment findings, assist with the design of appropriate risk mitigation strategies, and serve as an audit quality assurance gate for internal and external auditors while driving compliance and audit work related to data privacy.

How You Will Make a Difference

You will achieve this by:

• Collaborating with information technology and other business units to identify cybersecurity risks associated with current and planned projects.
• Performing assessments of external party information security controls to ensure they meet or exceed VF’s information security risk management requirements for the services to be provided.
• Determining information security risk profiles for various vendor and business partner services using questionnaires, relevant industry best practices and standards, and knowledge of VF policies.
• Recommending solutions to eliminate, reduce, or mitigate cybersecurity risk, and communicate said solutions to external parties and/or internal business stakeholders as appropriate.
• Providing direction and guidance as needed to internal project stakeholders concerning statutory, regulatory, and VF policy requirements.
• Reporting status of engagements to Global Cyber Security management, project managers, and other business stakeholders as appropriate.
• Assisting in enforcing information security policies, standards, and procedures. Review requests for exceptions to security policies and provide recommendations to management.
• Serving as a focal point for MLPS and provide advisory around MLPS and other APAC data privacy laws related controls and processes.
• Acting as focal point for Regional PCI-DSS assessments, vulnerability assessments and other security operations.
• Researching and advocate new technologies, architectures, and products that will support security requirements for the enterprise and its customers, business partners, and vendors.
• Performing other information security risk management tasks as assigned.

Skills for Success

Aformal education and subsequent University Bachelor or Master’s degree in information systems, computer science, or related field are preferred, but we are mostinterested in your total experience and professional achievements. That’s why:

• You rely on 5+ years of information security risk management, IT audit, and/or IT controls design and implementation experience.
• You possess a Certified Information Systems Security Professional (CISSP) certification, Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) or similar credentials.
• You are familiar with industry best practises related to security and data privacy in Cloud environments.
• You have functional understanding of industry frameworks, regulations, legislation, and audit methodologies, including SOC 1, SOC 2, ISO 27001, SIG, NIST Cybersecurity Framework, Sarbanes-Oxley (SOX), PCI-DSS, MLPS and various other privacy laws.
• You are apt to broker complex discussions to achieve the proper balance between business needs and cybersecurity best practices.
• You possess the ability to influence others through persuasion to arrive at desired outcomes.
• You communicate effectively with a broad range of people and roles, including vendors, information technology professionals, and other business personnel.
• You desire to seize the initiative, operate proactively, and work in a highly independent manner.
• You are fluent in English and Mandarin, any other Asian languages are a plus.

R-20250221-0002

About Us

VF Corporation outfits consumers around the world with its diverse portfolio of iconic lifestyle brands, including Vans, The North Face, Timberland, and Dickies. Founded in 1899, VF is one of the world's largest apparel, footwear and accessories companies with socially and environmentally responsible operations spanning numerous geographies, product categories and distribution channels. VF is committed to delivering innovative products to consumers and creating long-term value for its customers and shareholders.

VF Vision Statement
VF is committed to creating an inclusive environment that welcomes and values the differences among all of our associates, customers, suppliers and the communities in which we live and conduct business. The continued success and growth of VF is enhanced through initiatives that promote inclusion throughout VF around the world.VF is an equal opportunity employer. VF provides equal employment and advancement opportunities to all qualified individuals. VF bases employment decisions on skills, qualifications, and abilities. To learn more, read our Equal Opportunity Employment Policy here .

VF is committed to meeting the diverse needs of people with disabilities in a timely manner that is consistent with the principles of independence, dignity, integration and equality of opportunity, and will do so by striving to identify, prevent and remove barriers to accessibility wherever possible as well as by meeting the accessibility requirements under the ADA, AODA, and other applicable state, local or provincial regulations.

VF is committed to digital accessibility, and to conforming to the Web Content Accessibility Guidelines (WCAG) 2.1, Level AA and complying with the ADA and AODA Standards for Accessible Design, and other applicable regulations.

If you need an accommodation or have any questions regarding this statement, please send your request to .

#J-18808-Ljbffr

Joining Razer will place you on a global mission to revolutionize the way the world games. Razer is a place to do great work , offering you the opportunity to make an impact globally while working across a global team located across 5 continents. Razer is also a great place to work, providing you the unique, gamer-centric #LifeAtRazer experience that will put you in an accelerated growth, both personally and professionally.

Job Responsibilities : We are looking for a skilled and analytical Information Security Analyst to join our team. In this role, you’ll be at the forefront of protecting our systems by identifying vulnerabilities, responding to threats, and continuously improving our security posture.

This position offers valuable hands-on experience in cybersecurity. If you're eager to learn and build a career in this field, we encourage you to apply.

Essential Duties and Responsibilities

• Conduct vulnerability assessments and provide actionable remediation plans
• Perform penetration testing on networks, applications, and infrastructure.
• Review and optimize firewall rules and configurations.
• Monitor, analyze, and respond to security events and incidents, ensuring timely resolution and root cause analysis
• Investigate and respond to security incidents in a timely manner.
• Review and validate bug bounty submissions, coordinating with researchers and internal teams.
• Collaborate with IT, DevOps, and compliance teams to implement security best practices.
• Collaborate closely with business units to provide expert support and guidance on information security matters.
• Champion security awareness initiatives within the business, promoting a culture of security consciousness and best practices.
• Perform ad hoc tasks that are assigned by team leader or team manager.

Requirements

• Candidate must possess at least a Bachelor's Degree, Post Graduate Diploma, Professional Degree, Computer Science/Information Technology/Security or equivalent. (candidates with relative levels of related experience will be considered).
• At least 3-5 years of hands-on working experience in cybersecurity, ethical hacking or information/IT security is required for this position.
• Possession of industry-relevant certifications such as CompTIA Security+, CEH, OSCP, or similar will be advantageous.
• For lead roles, experience in people management, ability to lead and influence people is expected.
• Hands-on experience with tools such as Burp Suite, Metasploit, Nessus, Qualys, Splunk, and SIEM platforms.
• Strong understanding of network protocols, web application security, and threat detection.
• Knowledge of AWS Cloud Computing services and experience with Linux servers is essential.
• Independent with excellent analytical skills, a problem-solving attitude, and the ability to work well in a team environment.
• Applicants must be willing to work in ICITY SHAH ALAM.

Are you game?

Pre-Requisites :

Are you game?

#J-18808-Ljbffr

Join to apply for the Information Security Analyst role at Razer Inc.

Join to apply for the Information Security Analyst role at Razer Inc.

Get AI-powered advice on this job and more exclusive features.

Joining Razer will place you on a global mission to revolutionize the way the world games. Razer is a place to do great work , offering you the opportunity to make an impact globally while working across a global team located across 5 continents. Razer is also a great place to work, providing you the unique, gamer-centric experience that will put you in an accelerated growth, both personally and professionally.

Job Responsibilities

We are looking for a skilled and analytical Information Security Analyst to join our team. In this role, you’ll be at the forefront of protecting our systems by identifying vulnerabilities, responding to threats, and continuously improving our security posture.

This position offers valuable hands-on experience in cybersecurity. If you're eager to learn and build a career in this field, we encourage you to apply.

Essential Duties And Responsibilities

• Conduct vulnerability assessments and provide actionable remediation plans
• Perform penetration testing on networks, applications, and infrastructure.
• Review and optimize firewall rules and configurations.
• Monitor, analyze, and respond to security events and incidents, ensuring timely resolution and root cause analysis
• Investigate and respond to security incidents in a timely manner.
• Review and validate bug bounty submissions, coordinating with researchers and internal teams.
• Collaborate with IT, DevOps, and compliance teams to implement security best practices.
• Collaborate closely with business units to provide expert support and guidance on information security matters.
• Champion security awareness initiatives within the business, promoting a culture of security consciousness and best practices.
• Perform ad hoc tasks that are assigned by team leader or team manager.
  
  
  

Requirements

• Candidate must possess at least a Bachelor's Degree, Post Graduate Diploma, Professional Degree, Computer Science/Information Technology/Security or equivalent. (candidates with relative levels of related experience will be considered).
• At least 3-5 years of hands-on working experience in cybersecurity, ethical hacking or information/IT security is required for this position.
• Possession of industry-relevant certifications such as CompTIA Security+, CEH, OSCP, or similar will be advantageous.
• For lead roles, experience in people management, ability to lead and influence people is expected.
• Hands-on experience with tools such as Burp Suite, Metasploit, Nessus, Qualys, Splunk, and SIEM platforms.
• Strong understanding of network protocols, web application security, and threat detection.
• Knowledge of AWS Cloud Computing services and experience with Linux servers is essential.
• Independent with excellent analytical skills, a problem-solving attitude, and the ability to work well in a team environment.
• Applicants must be willing to work in ICITY SHAH ALAM.
  
  
  

Are you game?

Pre-Requisites

Are you game?

Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries Computers and Electronics Manufacturing

Referrals increase your chances of interviewing at Razer Inc. by 2x

Get notified about new Information Security Analyst jobs in Shah Alam, Selangor, Malaysia .

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 months ago

Petaling Jaya, Selangor, Malaysia 6 days ago

Petaling Jaya, Selangor, Malaysia 21 hours ago

(Senior) Cyber Security Consultant & Penetration Tester

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 months ago

(TRC) Manager - Cyber Response (Petaling Jaya)

Kuala Lumpur City, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Federal Territory of Kuala Lumpur, Malaysia 3 days ago

Federal Territory of Kuala Lumpur, Malaysia 4 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 months ago

Federal Territory of Kuala Lumpur, Malaysia 2 days ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago

Wilayah Persekutuan Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 days ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Internship - Network & Information Security Engineer

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 months ago

Federal Territory of Kuala Lumpur, Malaysia 4 days ago

Security Operations & Governance Analyst (1 year Contract)

Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 months ago

Cyber Security Analyst (Governance, Risk & Compliance)

Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 month ago

Associate Manager - Security Compliance Analyst

Petaling Jaya, Selangor, Malaysia 1 month ago

Cyber Security (Digital Forensic Analyst) AVP, Data Security Engineer, Group Information Security

Federal Territory of Kuala Lumpur, Malaysia 4 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago

Senior Information Security Engineer (ISE)

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 month ago

Operational Technology (OT) Security Analyst Security Operations Analyst- APAC Blue Team Leader

Kuala Lumpur City, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Associate Manager - Security Compliance Analyst

Petaling Jaya, Selangor, Malaysia 2 days ago

Kuala Lumpur City, Federal Territory of Kuala Lumpur, Malaysia 1 year ago

(Senior) Security Engineer, Security Engineering & Threat Intelligence

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Cyber Security Metrics and Behavioural Analyst

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Federal Territory of Kuala Lumpur, Malaysia 4 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 weeks ago

Petaling Jaya, Selangor, Malaysia 7 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

List of Responsibilities:

• Ongoing leadership and review of IT security

• Implementing and designing cyber security policies, procedures and system solutions in line with industry standards and certifications

• Operate, conduct, and maintain DUG’s SIEM platform and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures

• Serve as the DUG point person for third-party security audit(s)

• Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams

• Work with DUG HPC Cloud customers and DUG teams on security integration

• Provide strategic-level guidance for DUG’s cyber security program and ensure compliance with cyber security policy, standards, regulations and legislation, working with the senior executives within DUG.

• Ensure the alignment of cyber security and business objectives within DUG. To achieve this, you will facilitate communication between cyber security and business stakeholders. This includes translating cyber security concepts and language into business concepts and language as well as ensuring that business teams consult with cyber security teams to determine appropriate security measures when planning new business projects. Additionally, you will be responsible for the development of the strategic-level cyber security program, being best placed to advise projects on the strategic direction of cyber security.

• Contribute to the development and maintenance of DUG’s business continuity and disaster recovery plans, with the aim to improve business resilience and ensure the continued operation of critical business processes

• Report on the DUG’s security risk profile, the status of key systems and any outstanding security risks, any planned cyber security uplift activities, any recent cyber security incidents, and expected returns on cyber security investments

• Oversee DUG’s response to cyber security incidents, including how internal teams respond and communicate with each other during an incident

• Ensure that a consistent vendor management process is applied across their organisation, from discovery through to ongoing management

#J-18808-Ljbffr

List of Responsibilities:

• Ongoing leadership and review of IT security

• Implementing and designing cyber security policies, procedures and system solutions in line with industry standards and certifications

• Operate, conduct, and maintain DUG’s SIEM platform and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures

• Serve as the DUG point person for third-party security audit(s)

• Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams

• Work with DUG HPC Cloud customers and DUG teams on security integration

• Provide strategic-level guidance for DUG’s cyber security program and ensure compliance with cyber security policy, standards, regulations and legislation, working with the senior executives within DUG.

• Ensure the alignment of cyber security and business objectives within DUG. To achieve this, you will facilitate communication between cyber security and business stakeholders. This includes translating cyber security concepts and language into business concepts and language as well as ensuring that business teams consult with cyber security teams to determine appropriate security measures when planning new business projects. Additionally, you will be responsible for the development of the strategic-level cyber security program, being best placed to advise projects on the strategic direction of cyber security.

• Contribute to the development and maintenance of DUG’s business continuity and disaster recovery plans, with the aim to improve business resilience and ensure the continued operation of critical business processes

• Report on the DUG’s security risk profile, the status of key systems and any outstanding security risks, any planned cyber security uplift activities, any recent cyber security incidents, and expected returns on cyber security investments

• Oversee DUG’s response to cyber security incidents, including how internal teams respond and communicate with each other during an incident

• Ensure that a consistent vendor management process is applied across their organisation, from discovery through to ongoing management

#J-18808-Ljbffr

We are looking for an experienced Information Security Officer to design and enforce policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. To be successful as an information security officer, you should have good analytical skills and knowledge of the best practices to prevent a wide range of security threats. You should also be an excellent communicator, able to train and educate our staff in various information security topics.

If you are passionate about IT security and want to work with a dynamic team of professionals, we encourage you to apply for this exciting opportunity. We offer competitive salaries and benefits packages, as well as opportunities for professional growth and development.

Key Activities :

1. Developing and implementing IT security policies, procedures, and standards
2. Identifying potential security risks and vulnerabilities and taking appropriate action to mitigate them
3. Conducting regular security assessments to identify weaknesses in our systems and processes
4. Developing and implementing security incident response plans
5. Managing and monitoring security systems, including firewalls, intrusion detection/prevention systems, and anti-virus software
6. Conducting regular security training for employees to ensure they are aware of the latest security threats and how to respond to them
7. Investigating security incidents and breaches and taking appropriate action to prevent them from happening again
8. Staying up to date with the latest security technologies and trends

Formal Education :

Degree in computer science or a technology-related field.

Specialist Knowledge :

Minimum 3 years of experience as an ISO or in a similar information security role.

Detailed Requirements for each career level (each Functional Level separately)

1. Solid knowledge of global information security standards (e.g. NIST, ISO 27001), best practices and requirements from major regulators in the financial sector (e.g. MAS, BaFin)
2. Solid knowledge of data protection standards (e.g. NIST, GDPR)
3. Excellent problem-solving and analytical skills.
4. Ability to educate a non-technical audience about various security measures.
5. Effective verbal and written communication skills
6. Candidates with professional certifications such as CISA, CISM, CRISC, CISSP and other Cyber Security certifications are preferred.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Management, Business Development, and Information Technology

Industries

Banking

#J-18808-Ljbffr