192 Information Security Officer jobs in Malaysia

List of Responsibilities:

• Ongoing leadership and review of IT security

• Implementing and designing cyber security policies, procedures and system solutions in line with industry standards and certifications

• Operate, conduct, and maintain DUG’s SIEM platform and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures

• Serve as the DUG point person for third-party security audit(s)

• Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams

• Work with DUG HPC Cloud customers and DUG teams on security integration

• Provide strategic-level guidance for DUG’s cyber security program and ensure compliance with cyber security policy, standards, regulations and legislation, working with the senior executives within DUG.

• Ensure the alignment of cyber security and business objectives within DUG. To achieve this, you will facilitate communication between cyber security and business stakeholders. This includes translating cyber security concepts and language into business concepts and language as well as ensuring that business teams consult with cyber security teams to determine appropriate security measures when planning new business projects. Additionally, you will be responsible for the development of the strategic-level cyber security program, being best placed to advise projects on the strategic direction of cyber security.

• Contribute to the development and maintenance of DUG’s business continuity and disaster recovery plans, with the aim to improve business resilience and ensure the continued operation of critical business processes

• Report on the DUG’s security risk profile, the status of key systems and any outstanding security risks, any planned cyber security uplift activities, any recent cyber security incidents, and expected returns on cyber security investments

• Oversee DUG’s response to cyber security incidents, including how internal teams respond and communicate with each other during an incident

• Ensure that a consistent vendor management process is applied across their organisation, from discovery through to ongoing management

#J-18808-Ljbffr

We are looking for an experienced Information Security Officer to design and enforce policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. To be successful as an information security officer, you should have good analytical skills and knowledge of the best practices to prevent a wide range of security threats. You should also be an excellent communicator, able to train and educate our staff in various information security topics.

If you are passionate about IT security and want to work with a dynamic team of professionals, we encourage you to apply for this exciting opportunity. We offer competitive salaries and benefits packages, as well as opportunities for professional growth and development.

Key Activities :

1. Developing and implementing IT security policies, procedures, and standards
2. Identifying potential security risks and vulnerabilities and taking appropriate action to mitigate them
3. Conducting regular security assessments to identify weaknesses in our systems and processes
4. Developing and implementing security incident response plans
5. Managing and monitoring security systems, including firewalls, intrusion detection/prevention systems, and anti-virus software
6. Conducting regular security training for employees to ensure they are aware of the latest security threats and how to respond to them
7. Investigating security incidents and breaches and taking appropriate action to prevent them from happening again
8. Staying up to date with the latest security technologies and trends

Formal Education :

Degree in computer science or a technology-related field.

Specialist Knowledge :

Minimum 3 years of experience as an ISO or in a similar information security role.

Detailed Requirements for each career level (each Functional Level separately)

1. Solid knowledge of global information security standards (e.g. NIST, ISO 27001), best practices and requirements from major regulators in the financial sector (e.g. MAS, BaFin)
2. Solid knowledge of data protection standards (e.g. NIST, GDPR)
3. Excellent problem-solving and analytical skills.
4. Ability to educate a non-technical audience about various security measures.
5. Effective verbal and written communication skills
6. Candidates with professional certifications such as CISA, CISM, CRISC, CISSP and other Cyber Security certifications are preferred.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Management, Business Development, and Information Technology

Industries

Banking

#J-18808-Ljbffr

We are looking for an experienced Information Security Officer to design and enforce policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. To be successful as an information security officer, you should have good analytical skills and knowledge of the best practices to prevent a wide range of security threats. You should also be an excellent communicator, able to train and educate our staff in various information security topics.

If you are passionate about IT security and want to work with a dynamic team of professionals, we encourage you to apply for this exciting opportunity. We offer competitive salaries and benefits packages, as well as opportunities for professional growth and development.

Key Activities :

1. Developing and implementing IT security policies, procedures, and standards
2. Identifying potential security risks and vulnerabilities and taking appropriate action to mitigate them
3. Conducting regular security assessments to identify weaknesses in our systems and processes
4. Developing and implementing security incident response plans
5. Managing and monitoring security systems, including firewalls, intrusion detection/prevention systems, and anti-virus software
6. Conducting regular security training for employees to ensure they are aware of the latest security threats and how to respond to them
7. Investigating security incidents and breaches and taking appropriate action to prevent them from happening again
8. Staying up to date with the latest security technologies and trends

Formal Education :

Degree in computer science or a technology-related field.

Specialist Knowledge :

Minimum 3 years of experience as an ISO or in a similar information security role.

Detailed Requirements for each career level (each Functional Level separately)

1. Solid knowledge of global information security standards (e.g. NIST, ISO 27001), best practices and requirements from major regulators in the financial sector (e.g. MAS, BaFin)
2. Solid knowledge of data protection standards (e.g. NIST, GDPR)
3. Excellent problem-solving and analytical skills.
4. Ability to educate a non-technical audience about various security measures.
5. Effective verbal and written communication skills
6. Candidates with professional certifications such as CISA, CISM, CRISC, CISSP and other Cyber Security certifications are preferred.

Seniority level

Mid-Senior level

Employment type

Full-time

Job function

Management, Business Development, and Information Technology

Industries

Banking

#J-18808-Ljbffr

List of Responsibilities: Ongoing leadership and review of IT security

Implementing and designing cyber security policies, procedures and system solutions in line with industry standards and certifications

Operate, conduct, and maintain DUG’s SIEM platform and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures

Serve as the DUG point person for third-party security audit(s)

Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams

Work with DUG HPC Cloud customers and DUG teams on security integration

Provide strategic-level guidance for DUG’s cyber security program and ensure compliance with cyber security policy, standards, regulations and legislation, working with the senior executives within DUG.

Ensure the alignment of cyber security and business objectives within DUG. To achieve this, you will facilitate communication between cyber security and business stakeholders. This includes translating cyber security concepts and language into business concepts and language as well as ensuring that business teams consult with cyber security teams to determine appropriate security measures when planning new business projects. Additionally, you will be responsible for the development of the strategic-level cyber security program, being best placed to advise projects on the strategic direction of cyber security.

Contribute to the development and maintenance of DUG’s business continuity and disaster recovery plans, with the aim to improve business resilience and ensure the continued operation of critical business processes

Report on the DUG’s security risk profile, the status of key systems and any outstanding security risks, any planned cyber security uplift activities, any recent cyber security incidents, and expected returns on cyber security investments

Oversee DUG’s response to cyber security incidents, including how internal teams respond and communicate with each other during an incident

Ensure that a consistent vendor management process is applied across their organisation, from discovery through to ongoing management

#J-18808-Ljbffr

We are looking for an experienced Information Security Officer to design and enforce policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. To be successful as an information security officer, you should have good analytical skills and knowledge of the best practices to prevent a wide range of security threats. You should also be an excellent communicator, able to train and educate our staff in various information security topics. If you are passionate about IT security and want to work with a dynamic team of professionals, we encourage you to apply for this exciting opportunity. We offer competitive salaries and benefits packages, as well as opportunities for professional growth and development. Key Activities :

Developing and implementing IT security policies, procedures, and standards Identifying potential security risks and vulnerabilities and taking appropriate action to mitigate them Conducting regular security assessments to identify weaknesses in our systems and processes Developing and implementing security incident response plans Managing and monitoring security systems, including firewalls, intrusion detection/prevention systems, and anti-virus software Conducting regular security training for employees to ensure they are aware of the latest security threats and how to respond to them Investigating security incidents and breaches and taking appropriate action to prevent them from happening again Staying up to date with the latest security technologies and trends Formal Education :

Degree in computer science or a technology-related field. Specialist Knowledge :

Minimum

3 years of experience

as an ISO or in a similar information security role. Detailed Requirements for each career level (each Functional Level separately)

Solid knowledge of global information security standards (e.g. NIST, ISO 27001), best practices and requirements from major regulators in the financial sector (e.g. MAS, BaFin) Solid knowledge of data protection standards (e.g. NIST, GDPR) Excellent problem-solving and analytical skills. Ability to educate a non-technical audience about various security measures. Effective verbal and written communication skills Candidates with professional certifications such as CISA, CISM, CRISC, CISSP and other Cyber Security certifications are preferred. Seniority level

Mid-Senior level Employment type

Full-time Job function

Management, Business Development, and Information Technology Industries

Banking

#J-18808-Ljbffr

We are looking for an experienced Information Security Officer to design and enforce policies and procedures that protect our organization's computing infrastructure from all forms of security breaches. To be successful as an information security officer, you should have good analytical skills and knowledge of the best practices to prevent a wide range of security threats. You should also be an excellent communicator, able to train and educate our staff in various information security topics. If you are passionate about IT security and want to work with a dynamic team of professionals, we encourage you to apply for this exciting opportunity. We offer competitive salaries and benefits packages, as well as opportunities for professional growth and development. Key Activities :

Developing and implementing IT security policies, procedures, and standards Identifying potential security risks and vulnerabilities and taking appropriate action to mitigate them Conducting regular security assessments to identify weaknesses in our systems and processes Developing and implementing security incident response plans Managing and monitoring security systems, including firewalls, intrusion detection/prevention systems, and anti-virus software Conducting regular security training for employees to ensure they are aware of the latest security threats and how to respond to them Investigating security incidents and breaches and taking appropriate action to prevent them from happening again Staying up to date with the latest security technologies and trends Formal Education :

Degree in computer science or a technology-related field. Specialist Knowledge :

Minimum

3 years of experience

as an ISO or in a similar information security role. Detailed Requirements for each career level (each Functional Level separately)

Solid knowledge of global information security standards (e.g. NIST, ISO 27001), best practices and requirements from major regulators in the financial sector (e.g. MAS, BaFin) Solid knowledge of data protection standards (e.g. NIST, GDPR) Excellent problem-solving and analytical skills. Ability to educate a non-technical audience about various security measures. Effective verbal and written communication skills Candidates with professional certifications such as CISA, CISM, CRISC, CISSP and other Cyber Security certifications are preferred. Seniority level

Mid-Senior level Employment type

Full-time Job function

Management, Business Development, and Information Technology Industries

Banking

#J-18808-Ljbffr

You desire impactful work.

You’re RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 500 Company and listed among its World’s Most Admired Companies , we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

A Brief Overview

Lead, manage and direct the Regional Security Architecture, Engineering, Operations, Governance, Risk, Compliance and Security Incident Response teams and processes. Act as the operational executive responsible for delivering all security capabilities in the geographic region, necessary to protect the global RGA enterprise while maintaining contractual and regulatory requirements. Oversee and deliver the continually improving security capabilities regionally in support of RGA regional subsidiaries and global security requirements. Communicate and collaborate with and brief senior Security, IT and business leaders to ensure efficient and effective delivery of global security services in the region while aligning with global security and risk management standards. Participate as the primary RGA leader responsible for leading and coordinating the delivery of all security capabilities in the region with the goal of minimizing associated potential business impacts.

What you will do

• Lead a senior team to develop, implement and continually enhance regional security architecture, engineering, governance, risk, compliance and incident response capabilities.
• Support global policies and standards; proposes changes to existing policies, standards and procedures; directs implementation of policies, standards and procedures in the region to ensure effective security and risk management outcomes.
• Drive regional development and deployment of security capabilities, architectural implementation, configuration, risk management, data collection and analysis as well as logging and alerting requirements for the RGA enterprise.
• Enhance existing regional security and risk management capabilities through a mix of people, processes and technologies which increase capability maturity and reduce the likelihood that threat actors will circumvent security capabilities within the region.
• Provide expansive information security expertise in the diagnosis of control requirements shortfalls, identification of business risks, evaluation of solution alternatives and delivery of systems solutions to assist in the identification, prevention, detection, response, and eradication of threat activity within the region.
• Serve as a key advisor for information security, data privacy, disaster recovery, and physical security for RGA on trends and emerging risks within the region.
• Represent Global Security, Governance, Risk Management, Security Operations, and Incident Response advocating for information security, data privacy, disaster recovery, and physical security best practices working with all other appropriate stakeholders.
• Lead, manage and direct the activities of department management in all aspects of supervisory duties, including, but not limited to hiring, training, evaluating, coaching, and disciplining direct reports. Foster a positive and engaged work environment. Mentor associates and give guidance on associate development.

Qualifications

• Bachelor’s Degree in Arts/Sciences (BA/BS)
• Master’s degree in Arts/Sciences (MA/MS) is preferred
• 10+ Years progressive professional experience evaluating, delivering, and/or managing in a complex IT environment(s) as well as people management experience
• 15+ Years professional experience including 7 years working in a complex, global corporation
• 15+ Years professional experience in information security
• 3+ Years experience in technology architecture and development
• 3+ Years experience engaging with and defeating advanced threat actors
• Experience as a security technology leader with implementation skills
• Leadership skills with an ability to inspire security teams through curiosity and a passion for engaging with and stopping threat actors from exploiting organizations
• Ability to work creatively and analytically in a problem-solving environment
• Knowledge of Information Security technologies, markets and vendors
• Knowledge in the field of information systems security, including such areas as identity and access management, security operations, incident response, security program policies, processes and procedures and various supporting security technologies
• Persuasion skills when working with internal and external partners to resolve issues/problems
• Ability to make timely and effective decisions and produce results through strategic planning and the implementation and evaluation of programs and policies
• Project management skills. Demonstrates ability to evaluate project objectives and scope feasibility, gain understanding, schedule resources, and manage budget to plan
• Oral and written communication skills, demonstrating the ability to convey business terminology that is meaningful and well received
• People management skills, demonstrating an ability to lead, mentor and develop associates
• Facilitation skills with the ability to lead virtual teams to desired outcomes and obtain buy-in from senior leadership on deliverables
• Analytical and problem-solving skills
• Ability to work well within and manage a team
• Certified Information Systems Security Professional or similar (e.g. CISSP, ISC or CISM) Required

What you can expect from RGA:

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
• Join the bright and creative minds of RGA, and experience vast, endless career potential.

#J-18808-Ljbffr

You desire impactful work.

You’re

RGA ready RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 500 Company and listed among its

World’s Most Admired Companies , we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all. A Brief Overview

Lead, manage and direct the Regional Security Architecture, Engineering, Operations, Governance, Risk, Compliance and Security Incident Response teams and processes. Act as the operational executive responsible for delivering all security capabilities in the geographic region, necessary to protect the global RGA enterprise while maintaining contractual and regulatory requirements. Oversee and deliver the continually improving security capabilities regionally in support of RGA regional subsidiaries and global security requirements. Communicate and collaborate with and brief senior Security, IT and business leaders to ensure efficient and effective delivery of global security services in the region while aligning with global security and risk management standards. Participate as the primary RGA leader responsible for leading and coordinating the delivery of all security capabilities in the region with the goal of minimizing associated potential business impacts. What you will do Lead a senior team to develop, implement and continually enhance regional security architecture, engineering, governance, risk, compliance and incident response capabilities. Support global policies and standards; proposes changes to existing policies, standards and procedures; directs implementation of policies, standards and procedures in the region to ensure effective security and risk management outcomes. Drive regional development and deployment of security capabilities, architectural implementation, configuration, risk management, data collection and analysis as well as logging and alerting requirements for the RGA enterprise. Enhance existing regional security and risk management capabilities through a mix of people, processes and technologies which increase capability maturity and reduce the likelihood that threat actors will circumvent security capabilities within the region. Provide expansive information security expertise in the diagnosis of control requirements shortfalls, identification of business risks, evaluation of solution alternatives and delivery of systems solutions to assist in the identification, prevention, detection, response, and eradication of threat activity within the region. Serve as a key advisor for information security, data privacy, disaster recovery, and physical security for RGA on trends and emerging risks within the region. Represent Global Security, Governance, Risk Management, Security Operations, and Incident Response advocating for information security, data privacy, disaster recovery, and physical security best practices working with all other appropriate stakeholders. Lead, manage and direct the activities of department management in all aspects of supervisory duties, including, but not limited to hiring, training, evaluating, coaching, and disciplining direct reports. Foster a positive and engaged work environment. Mentor associates and give guidance on associate development. Qualifications Bachelor’s Degree in Arts/Sciences (BA/BS) Master’s degree in Arts/Sciences (MA/MS) is preferred 10+ Years progressive professional experience evaluating, delivering, and/or managing in a complex IT environment(s) as well as people management experience 15+ Years professional experience including 7 years working in a complex, global corporation 15+ Years professional experience in information security 3+ Years experience in technology architecture and development 3+ Years experience engaging with and defeating advanced threat actors Experience as a security technology leader with implementation skills Leadership skills with an ability to inspire security teams through curiosity and a passion for engaging with and stopping threat actors from exploiting organizations Ability to work creatively and analytically in a problem-solving environment Knowledge of Information Security technologies, markets and vendors Knowledge in the field of information systems security, including such areas as identity and access management, security operations, incident response, security program policies, processes and procedures and various supporting security technologies Persuasion skills when working with internal and external partners to resolve issues/problems Ability to make timely and effective decisions and produce results through strategic planning and the implementation and evaluation of programs and policies Project management skills. Demonstrates ability to evaluate project objectives and scope feasibility, gain understanding, schedule resources, and manage budget to plan Oral and written communication skills, demonstrating the ability to convey business terminology that is meaningful and well received People management skills, demonstrating an ability to lead, mentor and develop associates Facilitation skills with the ability to lead virtual teams to desired outcomes and obtain buy-in from senior leadership on deliverables Analytical and problem-solving skills Ability to work well within and manage a team Certified Information Systems Security Professional or similar (e.g. CISSP, ISC or CISM) Required What you can expect from RGA: Gain valuable knowledge from and experience with diverse, caring colleagues around the world. Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought. Join the bright and creative minds of RGA, and experience vast, endless career potential.

#J-18808-Ljbffr

Canonical Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Join or sign in to find your next job

Join to apply for the Security Risk Management Specialist role at Canonical

Canonical Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Join to apply for the Security Risk Management Specialist role at Canonical

In security risk management we're looking to harness the power of industry best practice combined with driving new innovation on how we do security risk assessments and modelling. Our security risk management team is the primary owner of the strategy and practices of how we identify, track and reduce our security risk across everything we do.

To support this we need to use industry best practices paired with emerging threat information to to promote risk identification, quantification, impact analysis, and modelling to ultimately drive decision making. In this role, you will help establish and execute a broad strategic vision for the security risk program at Canonical. You will not only work within the team but also cross-functionally with various teams across the organisation. The team contributes ideas and requirements for Canonical product security, improving the resilience and robustness of all Ubuntu customers and users subject to cyber attacks. Additionally, the team collaborates with our Organisational Learning and Development team to develop playbooks and facilitate security training across Canonical.

The security risk management team's mission is not only to secure Canonical, but also to contribute to the security of the wider open source ecosystem. They might share knowledge through public presentations and industry events, and share threat intelligence with the wider community or represent Canonical in sector-specific governance bodies.

What you will do in this role:

• Define Canonical's security risk management standards and playbooks
• Analyse and improve Canonical's security risk practices
• Evaluate, select and implement new security requirements, tools and practices
• Grow the presence and thought leadership of Canonical security risk management practice
• Develop Canonical security risk learning and development materials
• Work with Security leadership to present information and influence change
• Participate in developing key risk indicators, provide inputs to the development of key control indicators, and key performance indicators for various programs
• Apply statistical models to risk frameworks (such as FAIR, sensitivity analysis, and others)
• Participate in risk management, decision-making, and collaborative discussions
• Lead quantified risk assessments and understand the value of qualitative data for improvements to quality and engineering processes
• Interpret internal or external cyber security risk analyses in business terms and recommend a responsible course of action
• Develop templates and materials to help with self-service risk management actions
• Monitor and identify opportunities to improve the effectiveness of risk management processes
• Launch campaigns to perform security assessments and help mitigate security risks across the company
• Build evaluation methods and performance indicators to measure efficiency of security functions and capabilities.
  
  

What we are looking for

• An exceptional academic track record
• Undergraduate degree in Computer Science or STEM, or a compelling narrative about your alternative path
• Drive and a track record of going above-and-beyond expectations
• Deep personal motivation to be at the forefront of technology security
• Leadership and management ability
• Excellent business English writing and presentation skills
• Problem-solver with excellent communication skills, a deep technical understanding of security assessments and risk management
• Expertise in threat modelling and risk management frameworks
• Broad knowledge of how to operationalize the management of security risk
• Experience in Secure Development Lifecycle and Security by Design methodology
  
  

What we offer you

We consider geographical location, experience, and performance in shaping compensation worldwide. We revisit compensation annually (and more often for graduates and associates) to ensure we recognise outstanding performance. In addition to base pay, we offer a performance-driven annual bonus. We provide all team members with additional benefits, which reflect our values and ideals. We balance our programs to meet local needs and ensure fairness globally.

• Distributed work environment with twice-yearly team sprints in person
• Personal learning and development budget of USD 2,000 per year
• Annual compensation review
• Recognition rewards
• Annual holiday leave
• Maternity and paternity leave
• Employee Assistance Programme
• Opportunity to travel to new locations to meet colleagues
• Priority Pass, and travel upgrades for long haul company events
  
  

About Canonical

Canonical is a pioneering tech firm at the forefront of the global move to open source. As the company that publishes Ubuntu, one of the most important open source projects and the platform for AI, IoT and the cloud, we are changing the world on a daily basis. We recruit on a global basis and set a very high standard for people joining the company. We expect excellence - in order to succeed, we need to be the best at what we do. Canonical has been a remote-first company since its inception in 2004. Working here is a step into the future, and will challenge you to think differently, work smarter, learn new skills, and raise your game.

Canonical is an equal opportunity employer

We are proud to foster a workplace free from discrimination. Diversity of experience, perspectives, and background create a better work environment and better products. Whatever your identity, we will give your application fair consideration.

Seniority level

• Seniority level Entry level

Employment type

• Employment type Full-time

Job function

• Job function Finance and Sales
• Industries Software Development

Referrals increase your chances of interviewing at Canonical by 2x

Get notified about new Risk Management Specialist jobs in Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia .

Risk Analyst (night shift - remote work)

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 5 months ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 5 months ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr