What Jobs are available for Junior Security Consultant in Malaysia?
Showing 82 Junior Security Consultant jobs in Malaysia
Security Consultant
Kuala Lumpur, Kuala Lumpur
Nettitude Group
Posted 2 days ago
Job Viewed
Job Description
At LRQA our focus has always been on excellence in cyber security. We have teams that offer world class services in red teaming, penetration testing, threat intelligence, research and development, detection and response, governance, risk, and compliance, and plenty more. Our business is global and so are our clients. We work closely with central banks, central and local government, critical national infrastructure, large retailers, and plenty more besides! We’re an award-winning provider of cyber security services and we’re at a very exciting stage of development. We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. LRQA will be at the forefront of this arena and we want to seek the right people to join the team and make it happen. You can find out more about us at The Role
There is a new, exciting opportunity for a Security Consultant to join LRQA’s existing dynamic Global Penetration Testing Team. Our security consultants are responsible for leading and delivering their own penetration testing security engagements with our clients. This includes the full lifecycle of an engagement from kick off call, testing, report creation, report delivery to debrief. Location
This role is hybrid working and will involve working on client site from time to time. We can support working from across Malaysia, but the office is in Kuala Lumpur. All applicants will require residence in Malaysia. What You Will Be Doing In Your Role
In your role you will: Deliver penetration testing against a wide variety of systems. This is the core of the role. Perform engagement kick off calls, wrap up calls, email responses and debriefs for each penetration test you deliver. Write full and thorough reports for each engagement that show thoughtfulness and constant improvement, incorporating feedback from quality assurance reviews. Assist in penetration testing presales activities, providing technical assessment of scope, principal security concerns and testing methodology to the Account Manager. Develop client relationships and ensure LRQA always delivers professional consultative style engagements. If relevant, provide technical analysis of current IT Security related events. Be a continuous learner, keeping up to date on a wide variety of IT Security related skills and industry knowledge. Mentor less experienced security consultants where appropriate. Key Skills & Certifications
There are
no fixed set of skills required to be a successful candidate . However, the successful candidate will demonstrate at least some of the following: Penetration testing experience. You should be very confident with at least one of the following: web application, infrastructure, or mobile application penetration testing. You love getting involved in deep technical challenges, while at the same time being able to abstract and explain the most complex issues to a C level executive. An ability to teach and mentor other members of the team is a distinct advantage; it’s part of what makes us LRQA! You code open-source tools, contribute to security blogs, or participate in CTFs. A passion for cyber, a thirst for knowledge and a constant desire to push yourself to the max. In depth knowledge and understanding of applications and networking. A background in Information Technology, such as development, networking, system administration is an advantage. A specialisation is a distinct advantage, such as cloud penetration testing skills, exploit development, reverse engineering etc. We are
flexible on certifications , based on your capabilities and experience. We’re not looking for badge collectors; we look far deeper than that. However, one or more of the following will serve as a distinct advantage: A BSc degree in a (or equivalent) in a technical discipline. CREST Registered Tester or CREST Certified Tester. Offensive Security certifications, e.g. OSCP. AWS Security Specialty / Azure AZ-500. CSK / CCSP / CISSP Any other relevant penetration testing or IT certification. Why Should You Work With Us?
We have industry leading levels of employee retention, and for good reason; we’re the kind of place that no one wants to leave! Our cyber unit includes the full spectrum of services from SOC analysis and Incident Response through Penetration Testing, Adversarial Simulation (Red Teaming) and Threat Intelligence. There are always people available to help you and always more to learn. We push ourselves to be excellent, so if you’re the kind of person who loves deep technical challenges and a fantastic work environment, we welcome your interest. Please do visit our website to understand more about how we develop our people, work on cutting edge engagement and offer multiple career progression paths. What We Offer
We offer you an exciting working environment with intellectual challenges, responsibility, and high-level client interaction. An attractive package is available for the right candidate. Apply?
Are you interested in this job? Apply now via the ‘apply’ button and upload your resume and cover letter.
#J-18808-Ljbffr
There is a new, exciting opportunity for a Security Consultant to join LRQA’s existing dynamic Global Penetration Testing Team. Our security consultants are responsible for leading and delivering their own penetration testing security engagements with our clients. This includes the full lifecycle of an engagement from kick off call, testing, report creation, report delivery to debrief. Location
This role is hybrid working and will involve working on client site from time to time. We can support working from across Malaysia, but the office is in Kuala Lumpur. All applicants will require residence in Malaysia. What You Will Be Doing In Your Role
In your role you will: Deliver penetration testing against a wide variety of systems. This is the core of the role. Perform engagement kick off calls, wrap up calls, email responses and debriefs for each penetration test you deliver. Write full and thorough reports for each engagement that show thoughtfulness and constant improvement, incorporating feedback from quality assurance reviews. Assist in penetration testing presales activities, providing technical assessment of scope, principal security concerns and testing methodology to the Account Manager. Develop client relationships and ensure LRQA always delivers professional consultative style engagements. If relevant, provide technical analysis of current IT Security related events. Be a continuous learner, keeping up to date on a wide variety of IT Security related skills and industry knowledge. Mentor less experienced security consultants where appropriate. Key Skills & Certifications
There are
no fixed set of skills required to be a successful candidate . However, the successful candidate will demonstrate at least some of the following: Penetration testing experience. You should be very confident with at least one of the following: web application, infrastructure, or mobile application penetration testing. You love getting involved in deep technical challenges, while at the same time being able to abstract and explain the most complex issues to a C level executive. An ability to teach and mentor other members of the team is a distinct advantage; it’s part of what makes us LRQA! You code open-source tools, contribute to security blogs, or participate in CTFs. A passion for cyber, a thirst for knowledge and a constant desire to push yourself to the max. In depth knowledge and understanding of applications and networking. A background in Information Technology, such as development, networking, system administration is an advantage. A specialisation is a distinct advantage, such as cloud penetration testing skills, exploit development, reverse engineering etc. We are
flexible on certifications , based on your capabilities and experience. We’re not looking for badge collectors; we look far deeper than that. However, one or more of the following will serve as a distinct advantage: A BSc degree in a (or equivalent) in a technical discipline. CREST Registered Tester or CREST Certified Tester. Offensive Security certifications, e.g. OSCP. AWS Security Specialty / Azure AZ-500. CSK / CCSP / CISSP Any other relevant penetration testing or IT certification. Why Should You Work With Us?
We have industry leading levels of employee retention, and for good reason; we’re the kind of place that no one wants to leave! Our cyber unit includes the full spectrum of services from SOC analysis and Incident Response through Penetration Testing, Adversarial Simulation (Red Teaming) and Threat Intelligence. There are always people available to help you and always more to learn. We push ourselves to be excellent, so if you’re the kind of person who loves deep technical challenges and a fantastic work environment, we welcome your interest. Please do visit our website to understand more about how we develop our people, work on cutting edge engagement and offer multiple career progression paths. What We Offer
We offer you an exciting working environment with intellectual challenges, responsibility, and high-level client interaction. An attractive package is available for the right candidate. Apply?
Are you interested in this job? Apply now via the ‘apply’ button and upload your resume and cover letter.
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
0
Principal Security Consultant
Cyberjaya
Awantec
Posted today
Job Viewed
Job Description
Responsibilities
Perform security risk and controls assessments, gap analyses, and compliance readiness engagements Conduct penetration testing, vulnerability assessments, and report actionable remediation Develop and implement security frameworks based on ISO 27001, NIST CSF, and RMiT for clients Design and deliver compliance dashboards to support CXOs and audit committees Lead ISMS certification programs for clients, from initiation through audit closure Provide technical and compliance advisory during Managed SOC onboarding and client SOC integration Support the design and implementation of AI-enabled security use cases (XDR, IAM, PAM) as part of advisory work Deliver awareness and training programs under the Awantec Cyber Academy Act as subject matter expert in compliance-related incident response and audits Collaborate on developing standard compliance “packs” to accelerate consulting delivery and support Cybersecurity-as-a-Service (CSaaS) offerings Job Responsibilities
Deliver client-facing engagements in cyber risk consulting, compliance readiness, and vulnerability assessments Lead ISMS, NIST, PDPA, RMIT, PCI DSS, SOC 2, and CSA Star audit support, ensuring high client pass rates and alignment with Awantec’s compliance dashboards Provide technical oversight for penetration testing, vulnerability assessments, and SOC risk workflows, ensuring risk-based triage and compliance integration Actively participate in NACSA, Cybersecurity Malaysia, and CGSO regulatory frameworks, ensuring Awantec’s alignment with national initiatives Support Awantec’s Cyber Academy by developing training modules in compliance, risk governance, and penetration testing Collaborate with sales and pre-sales teams to scope engagements, build proposals, and present up to C-level stakeholders Support Phase 1 service delivery under the Cybersecurity Services Roadmap: Risk consulting and certification readiness (RMiT, ISO 27001, NIST CSF) Security Posture Assessments (Google Workspace, endpoint EDR, VPC firewall) Vulnerability assessment & penetration testing (VAPT) Compliance dashboards tailored for CXOs and auditors Advisory support for SOC readiness and integration into Managed SOC services Qualifications
Bachelor’s degree in Computer Science, Information Technology, or related field Professional certifications such as ISO 27001 Lead Implementer, CEH, GIAC Penetration Tester, and Certified Network Defender (CND) are highly expected to ensure credibility in delivery A minimum of 8 years’ proven experience in information security and compliance, ideally with exposure to regulatory environments such as MCMC, SIRIM, BSI, NIOSH, or equivalent bodies, as well as enterprise compliance audits, is strongly required to perform effectively in this role Strong client-facing skills, with experience presenting to regulators and senior executives Hands-on experience in policy development, risk governance, and audit management Desired Experience/Exposure
Penetration testing, VAPT, and vulnerability management Governance, risk, and compliance (GRC) consulting Public sector and GLC regulatory requirements (PDPA, RMiT, Cybersecurity Act 2024) SOCaaS environments, compliance dashboards, and risk-based monitoring International and national cybersecurity policy engagement
#J-18808-Ljbffr
Perform security risk and controls assessments, gap analyses, and compliance readiness engagements Conduct penetration testing, vulnerability assessments, and report actionable remediation Develop and implement security frameworks based on ISO 27001, NIST CSF, and RMiT for clients Design and deliver compliance dashboards to support CXOs and audit committees Lead ISMS certification programs for clients, from initiation through audit closure Provide technical and compliance advisory during Managed SOC onboarding and client SOC integration Support the design and implementation of AI-enabled security use cases (XDR, IAM, PAM) as part of advisory work Deliver awareness and training programs under the Awantec Cyber Academy Act as subject matter expert in compliance-related incident response and audits Collaborate on developing standard compliance “packs” to accelerate consulting delivery and support Cybersecurity-as-a-Service (CSaaS) offerings Job Responsibilities
Deliver client-facing engagements in cyber risk consulting, compliance readiness, and vulnerability assessments Lead ISMS, NIST, PDPA, RMIT, PCI DSS, SOC 2, and CSA Star audit support, ensuring high client pass rates and alignment with Awantec’s compliance dashboards Provide technical oversight for penetration testing, vulnerability assessments, and SOC risk workflows, ensuring risk-based triage and compliance integration Actively participate in NACSA, Cybersecurity Malaysia, and CGSO regulatory frameworks, ensuring Awantec’s alignment with national initiatives Support Awantec’s Cyber Academy by developing training modules in compliance, risk governance, and penetration testing Collaborate with sales and pre-sales teams to scope engagements, build proposals, and present up to C-level stakeholders Support Phase 1 service delivery under the Cybersecurity Services Roadmap: Risk consulting and certification readiness (RMiT, ISO 27001, NIST CSF) Security Posture Assessments (Google Workspace, endpoint EDR, VPC firewall) Vulnerability assessment & penetration testing (VAPT) Compliance dashboards tailored for CXOs and auditors Advisory support for SOC readiness and integration into Managed SOC services Qualifications
Bachelor’s degree in Computer Science, Information Technology, or related field Professional certifications such as ISO 27001 Lead Implementer, CEH, GIAC Penetration Tester, and Certified Network Defender (CND) are highly expected to ensure credibility in delivery A minimum of 8 years’ proven experience in information security and compliance, ideally with exposure to regulatory environments such as MCMC, SIRIM, BSI, NIOSH, or equivalent bodies, as well as enterprise compliance audits, is strongly required to perform effectively in this role Strong client-facing skills, with experience presenting to regulators and senior executives Hands-on experience in policy development, risk governance, and audit management Desired Experience/Exposure
Penetration testing, VAPT, and vulnerability management Governance, risk, and compliance (GRC) consulting Public sector and GLC regulatory requirements (PDPA, RMiT, Cybersecurity Act 2024) SOCaaS environments, compliance dashboards, and risk-based monitoring International and national cybersecurity policy engagement
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
1
Security Consultant - MDR
Kuala Lumpur, Kuala Lumpur
PentagonPlus
Posted 4 days ago
Job Viewed
Job Description
Overview Security Consultant - MDR
This company is an Industry Leader in Cybersecurity services and solutions. They are also CREST Accredited for the provision of Penetration Testing (Pentest) services.
This is a technical lead position inside the Managed Detection & Response service. In this role, you will lead intricate investigations, working directly with customers to assist them in investigating and responding to security incidents. As a senior team member, you will mentor less experienced analysts and drive continuous improvement in our detection and response capabilities. This position requires a strong foundation in cybersecurity operations, a deep understanding of various security solutions commonly deployed in enterprise environments (such as SIEM and XDR), and the ability to train others and develop complex processes and procedures to increase service efficiency.
Responsibilities
Lead triage and full lifecycle investigation of high-severity security incidents (endpoint, network, cloud).
Coordinate responders, perform containment/remediation decisions, drive post-incident RCA and lessons learned.
Design, implement, test and tune detections across EDR, NDR, SIEM, and cloud logs; map detections to MITRE ATT&CK.
Create and maintain playbooks / runbooks and SOAR automations to reduce MTTR and analyst load.
Develop and maintain detection coverage metrics and SLAs; own escalations and communication with customers for incidents.
Mentor and train Tier 1/2 analysts; conduct quality reviews of investigations and escalate when appropriate.
Contribute to the development, documentation, analysis, testing, and modification of threat detection systems and playbooks.
Provide feedback on gaps or improvements needed in processes, documentation, or technology.
Maintain an up-to-date knowledge of threat actor techniques and tools and share insights and best practices with the broader team, championing a culture of continuous learning.
Requirements
5+ years of experience in cybersecurity operations (monitoring, detection, investigation, and incident response).
Strong endpoint, OS (Windows, Linux, macOS), and networking knowledge including ability to read logs, parse artifacts, and interpret network flows.
Scripting, and automation such as Python, PowerShell, Bash, and ability to author detection queries and automate tasks.
Familiarity with malware analysis concepts (static/dynamic), YARA, and reverse-engineering basics.
Understanding of identity & access compromise, lateral movement, persistence mechanisms, and enterprise attack surfaces.
Expertise with various log sources, such as Office365, Azure, Entra, SharePoint, OneDrive, Exchange Online, Windows Active Directory, Windows Event Logs, Syslog, DNS, VPN, and the ability to interpret and analyze these logs for anomalies and security incidents.
Excellent written and verbal communication; experience producing incident reports and presenting to technical and executive stakeholders.
#J-18808-Ljbffr
This company is an Industry Leader in Cybersecurity services and solutions. They are also CREST Accredited for the provision of Penetration Testing (Pentest) services.
This is a technical lead position inside the Managed Detection & Response service. In this role, you will lead intricate investigations, working directly with customers to assist them in investigating and responding to security incidents. As a senior team member, you will mentor less experienced analysts and drive continuous improvement in our detection and response capabilities. This position requires a strong foundation in cybersecurity operations, a deep understanding of various security solutions commonly deployed in enterprise environments (such as SIEM and XDR), and the ability to train others and develop complex processes and procedures to increase service efficiency.
Responsibilities
Lead triage and full lifecycle investigation of high-severity security incidents (endpoint, network, cloud).
Coordinate responders, perform containment/remediation decisions, drive post-incident RCA and lessons learned.
Design, implement, test and tune detections across EDR, NDR, SIEM, and cloud logs; map detections to MITRE ATT&CK.
Create and maintain playbooks / runbooks and SOAR automations to reduce MTTR and analyst load.
Develop and maintain detection coverage metrics and SLAs; own escalations and communication with customers for incidents.
Mentor and train Tier 1/2 analysts; conduct quality reviews of investigations and escalate when appropriate.
Contribute to the development, documentation, analysis, testing, and modification of threat detection systems and playbooks.
Provide feedback on gaps or improvements needed in processes, documentation, or technology.
Maintain an up-to-date knowledge of threat actor techniques and tools and share insights and best practices with the broader team, championing a culture of continuous learning.
Requirements
5+ years of experience in cybersecurity operations (monitoring, detection, investigation, and incident response).
Strong endpoint, OS (Windows, Linux, macOS), and networking knowledge including ability to read logs, parse artifacts, and interpret network flows.
Scripting, and automation such as Python, PowerShell, Bash, and ability to author detection queries and automate tasks.
Familiarity with malware analysis concepts (static/dynamic), YARA, and reverse-engineering basics.
Understanding of identity & access compromise, lateral movement, persistence mechanisms, and enterprise attack surfaces.
Expertise with various log sources, such as Office365, Azure, Entra, SharePoint, OneDrive, Exchange Online, Windows Active Directory, Windows Event Logs, Syslog, DNS, VPN, and the ability to interpret and analyze these logs for anomalies and security incidents.
Excellent written and verbal communication; experience producing incident reports and presenting to technical and executive stakeholders.
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
2
IT Security Consultant
Kuala Lumpur, Kuala Lumpur
EPS Malaysia
Posted 4 days ago
Job Viewed
Job Description
Overview Posting Date : 07 Oct 2025 | Close Date :05 Jan 2026
Position: IT Security Consultant
Job Purpose
This role is responsible to manage information risk, to ensure compliance of Security Standards practised by the services/organization and to provide security support on application, projects and to prevent the unintentional, unlawful, or unauthorized disclosure, alteration, or destruction of IT resources.
Key Responsibilities
Responsible to manage operational IT Security for a high availability financial service and work on the reporting & improvement as well as facilitate in audits and trainings.
To drive Analysis & handling of security vulnerabilities & incidents.
Establish, maintain and review compliance with Operational Security processes and procedures periodically and to ensure these are met and monitored.
Establish, maintain and review strict access control to information and IT systems according to business needs and access policies.
Perform Access Management activities (grant, change and revoke access privileges).
Establish and maintain an environment that complies with the Payment Card Industry Standards & Requirements, the Information Security Management Framework and other applicable security standards and Baselines.
Monitor and manage security controls (system settings, logs, alerts, audit trails, attempts, violations, faulty logons, lockouts, etc.)
To work closely with clients/ application/ infrastructure owners in applying and implementing the new security changes/solutions (e.g, protection concept, security specifications, architecture and design, security assessment).
Exposure and to work on Security Operation Center (SOC) Tools, maintenance and operations support.
Preferred Skills
Knowledge/ Exposure on Baseline controls a.k.a environmental controls, application generic control, Third Party Access controls and Legal and Regulatory controls
Understanding and exposure working with External auditors on ISAE 3402, PCI-DSS compliance and other mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008 . Internal
Maintaining mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008
Self-starter who can work autonomously and independently and willing to learn and explore compliance and IT security.
Good written and verbal communications, and ability to productively interact across internal/external stakeholders, auditors and functions.
Broad understanding of security technology, IT security Standards and compliance.
Qualifications
You have a university degree, followed by depth experience in the field of Governance or Compliance with focus on IT security.
Overall 8-10 years working experience in IT industry with at least 5 years’ experience in IT Security & Compliance.
Self-motivated and able to work independently as well as a team player.
Good to have: - Cards and Payment domain knowledge, Exposure or understanding on PCI DSS, PCI PA-DSS, Security Industry standards, IT Security and Assurance, TIA Knowledge/ practice, Infrastructure Security Knowledge/ Practice, Multiple OS and AD Knowledge practice and SIEM Knowledge / Practice. - Experience in an IT operations-related field such as IT Security, IT Admin, Disaster Recovery or Maintenance of SOC tools
Sub Specialization : Information Technology;IT Security
Type of Employment : Permanent
Minimum Experience : 8 Years
Work Location : Kuala Lumpur
#J-18808-Ljbffr
Position: IT Security Consultant
Job Purpose
This role is responsible to manage information risk, to ensure compliance of Security Standards practised by the services/organization and to provide security support on application, projects and to prevent the unintentional, unlawful, or unauthorized disclosure, alteration, or destruction of IT resources.
Key Responsibilities
Responsible to manage operational IT Security for a high availability financial service and work on the reporting & improvement as well as facilitate in audits and trainings.
To drive Analysis & handling of security vulnerabilities & incidents.
Establish, maintain and review compliance with Operational Security processes and procedures periodically and to ensure these are met and monitored.
Establish, maintain and review strict access control to information and IT systems according to business needs and access policies.
Perform Access Management activities (grant, change and revoke access privileges).
Establish and maintain an environment that complies with the Payment Card Industry Standards & Requirements, the Information Security Management Framework and other applicable security standards and Baselines.
Monitor and manage security controls (system settings, logs, alerts, audit trails, attempts, violations, faulty logons, lockouts, etc.)
To work closely with clients/ application/ infrastructure owners in applying and implementing the new security changes/solutions (e.g, protection concept, security specifications, architecture and design, security assessment).
Exposure and to work on Security Operation Center (SOC) Tools, maintenance and operations support.
Preferred Skills
Knowledge/ Exposure on Baseline controls a.k.a environmental controls, application generic control, Third Party Access controls and Legal and Regulatory controls
Understanding and exposure working with External auditors on ISAE 3402, PCI-DSS compliance and other mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008 . Internal
Maintaining mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008
Self-starter who can work autonomously and independently and willing to learn and explore compliance and IT security.
Good written and verbal communications, and ability to productively interact across internal/external stakeholders, auditors and functions.
Broad understanding of security technology, IT security Standards and compliance.
Qualifications
You have a university degree, followed by depth experience in the field of Governance or Compliance with focus on IT security.
Overall 8-10 years working experience in IT industry with at least 5 years’ experience in IT Security & Compliance.
Self-motivated and able to work independently as well as a team player.
Good to have: - Cards and Payment domain knowledge, Exposure or understanding on PCI DSS, PCI PA-DSS, Security Industry standards, IT Security and Assurance, TIA Knowledge/ practice, Infrastructure Security Knowledge/ Practice, Multiple OS and AD Knowledge practice and SIEM Knowledge / Practice. - Experience in an IT operations-related field such as IT Security, IT Admin, Disaster Recovery or Maintenance of SOC tools
Sub Specialization : Information Technology;IT Security
Type of Employment : Permanent
Minimum Experience : 8 Years
Work Location : Kuala Lumpur
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
3
Cyber Security Consultant
Kuala Lumpur, Kuala Lumpur
EC-Council Global Services
Posted 10 days ago
Job Viewed
Job Description
Information Technology Governance Consultant Role Type: Full-time
Role Overview We are seeking an experienced Senior Consultant – IT to join our team. The ideal candidate will help ensure that the organization’s IT systems are compliant with regulatory requirements and industry best practices. The consultant will be responsible for developing, implementing, and managing IT governance frameworks, identifying risks, and ensuring proper controls are in place to mitigate these risks. This role will require expertise in IT compliance, risk management, and security frameworks such as ISO 27001, NIST, GDPR, and others.
Key Responsibilities
Plan, delegate, and monitor project tasks, ensuring timelines, budgets, and quality standards are met.
Coach, mentor, and support the professional development of junior team members.
Client Engagement & Advisory
Deliver high-quality consulting services to clients.
Serve as the primary point of contact for clients on GRC-related projects.
Understand client needs and provide tailored cybersecurity governance, risk management, and compliance solutions.
Facilitate workshops, meetings, and presentations with client stakeholders.
Governance & Risk Management
Design and implement IT governance frameworks aligned with industry standards (e.g., COBIT, ISO 27001, NIST CSF).
Conduct IT risk assessments, gap analyses, and maturity assessments across people, processes, and technology.
Recommend and implement risk mitigation strategies and controls.
Compliance & Audit Readiness
Assist clients in achieving and maintaining compliance with regulatory and industry standards (e.g., BNM RMiT, MCA, SOC 2, ISO27001).
Lead compliance audits and readiness assessments.
Develop policies, procedures, and documentation to support compliance initiatives.
Framework Implementation
Guide clients in adopting and operationalizing cybersecurity and GRC frameworks (ISO, NIST, CIS, etc.).
Translate technical requirements into business-aligned risk strategies.
Reporting & Communication
Provide regular status updates to both internal and external stakeholders.
Communicate technical risk concepts in a clear, business-focused manner.
Develop and enhance IT GRC service methodologies.
Stay up to date with emerging regulations, standards, and industry trends.
Business Development Support
Assist in proposal development, RFP responses, and client pitches.
Identify new opportunities within existing client accounts.
Bridge client requirements with our service offerings.
Required Qualifications
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Business IT or equivalent
5 years of experience in IT Governance, Risk Management, Compliance, or Cybersecurity.
Familiar with cybersecurity standards/information security standards, best practices, laws, guidelines, benchmarks, etc., such as ISO 27001, NIST CSF, CIS, SOC2, BNM RMiT and PDPA
Ability to manage multiple projects and deliver within the agreed timeline
Attention to detail, analytical and problem-solving capabilities
Excellent written, oral communication and presentation skills.
Preferably holding certifications such as ISO 27001: Lead Auditor, CISA, CISSP, CISM, CCISO, etc.) is an added advantage
Additional Information We are an equal opportunity workplace and an affirmative action employer. We are always committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status and we do not discriminate on the basis of such characteristics or on the basis of any other status that is protected by the laws or regulations in the locations where we work.
EC-Council is committed to working with and providing reasonable accommodation to individuals with disabilities. If you have a medical condition or disability which inhibits your ability to complete any part of the application process and need reasonable accommodation to complete the process, please contact us at and let us know how we may assist you.
To be eligible to apply for this job, you must be able provide proof that you are either a citizen of the country or have legal authorization to work in the country where this job is posted and must be residing in the same country.
Our Privacy Policy outlines how we collect, use, and protect your personal data during the recruitment process. Please review it to understand our practices:
EC-Council Privacy policy - User and company | EC-Council
#J-18808-Ljbffr
Role Overview We are seeking an experienced Senior Consultant – IT to join our team. The ideal candidate will help ensure that the organization’s IT systems are compliant with regulatory requirements and industry best practices. The consultant will be responsible for developing, implementing, and managing IT governance frameworks, identifying risks, and ensuring proper controls are in place to mitigate these risks. This role will require expertise in IT compliance, risk management, and security frameworks such as ISO 27001, NIST, GDPR, and others.
Key Responsibilities
Plan, delegate, and monitor project tasks, ensuring timelines, budgets, and quality standards are met.
Coach, mentor, and support the professional development of junior team members.
Client Engagement & Advisory
Deliver high-quality consulting services to clients.
Serve as the primary point of contact for clients on GRC-related projects.
Understand client needs and provide tailored cybersecurity governance, risk management, and compliance solutions.
Facilitate workshops, meetings, and presentations with client stakeholders.
Governance & Risk Management
Design and implement IT governance frameworks aligned with industry standards (e.g., COBIT, ISO 27001, NIST CSF).
Conduct IT risk assessments, gap analyses, and maturity assessments across people, processes, and technology.
Recommend and implement risk mitigation strategies and controls.
Compliance & Audit Readiness
Assist clients in achieving and maintaining compliance with regulatory and industry standards (e.g., BNM RMiT, MCA, SOC 2, ISO27001).
Lead compliance audits and readiness assessments.
Develop policies, procedures, and documentation to support compliance initiatives.
Framework Implementation
Guide clients in adopting and operationalizing cybersecurity and GRC frameworks (ISO, NIST, CIS, etc.).
Translate technical requirements into business-aligned risk strategies.
Reporting & Communication
Provide regular status updates to both internal and external stakeholders.
Communicate technical risk concepts in a clear, business-focused manner.
Develop and enhance IT GRC service methodologies.
Stay up to date with emerging regulations, standards, and industry trends.
Business Development Support
Assist in proposal development, RFP responses, and client pitches.
Identify new opportunities within existing client accounts.
Bridge client requirements with our service offerings.
Required Qualifications
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Business IT or equivalent
5 years of experience in IT Governance, Risk Management, Compliance, or Cybersecurity.
Familiar with cybersecurity standards/information security standards, best practices, laws, guidelines, benchmarks, etc., such as ISO 27001, NIST CSF, CIS, SOC2, BNM RMiT and PDPA
Ability to manage multiple projects and deliver within the agreed timeline
Attention to detail, analytical and problem-solving capabilities
Excellent written, oral communication and presentation skills.
Preferably holding certifications such as ISO 27001: Lead Auditor, CISA, CISSP, CISM, CCISO, etc.) is an added advantage
Additional Information We are an equal opportunity workplace and an affirmative action employer. We are always committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status and we do not discriminate on the basis of such characteristics or on the basis of any other status that is protected by the laws or regulations in the locations where we work.
EC-Council is committed to working with and providing reasonable accommodation to individuals with disabilities. If you have a medical condition or disability which inhibits your ability to complete any part of the application process and need reasonable accommodation to complete the process, please contact us at and let us know how we may assist you.
To be eligible to apply for this job, you must be able provide proof that you are either a citizen of the country or have legal authorization to work in the country where this job is posted and must be residing in the same country.
Our Privacy Policy outlines how we collect, use, and protect your personal data during the recruitment process. Please review it to understand our practices:
EC-Council Privacy policy - User and company | EC-Council
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
4
SAP Security Consultant
Kuala Lumpur, Kuala Lumpur
HR Tech
Posted 13 days ago
Job Viewed
Job Description
Overview
Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia Job Description
Minimum of three years experience in SAP Authorizations with at least 1-2 full SAP implementation cycles. Experience in implementing and maintaining these applications, in regards to application authorizations. Good understanding of the Industry's Best Practice and SAP Audit Guidelines. Must have knowledge of SAP Enterprise Portal (EP) and is able to setup EP roles. Good team player, responsible and conscientious. Preferably to have SAP Certification in User Administrations/Authorizations. Ability to design, develop and articulate solutions based on strategic business or technical requirements. Ability to work independently and efficiently, managing timelines and expectations, and producing high-quality deliverables (documentation, presentation, research). Expertise in implementing and maintaining authorizations/security solutions for SAP systems (e.g. ERP, EP, BW, HANA, GRC) for at least 6 years full-time (incl. minimum four years experience in SAP Authorizations); Good understanding of Industry's Best Practices and SAP Audit Guidelines; Enhanced knowledge of automated data protection controls Knowledge of the newest security developments, trends, and tools; Proven track record of IT projects where working in a key technology role (i.e. subject matter expert, solution architect, tech lead); Good leadership and project management skills, professional and team-oriented approach to work, a strong sense of responsibility, ability to distribute tasks, assess and manage risks, define and control performance metrics; Has analytical and process thinking skills can provide Business Analysis, properly estimate tasks and propose solution architecture, Demonstrates strong communication, collaboration, coaching and interpersonal skills, teaches and enables other team members;
#J-18808-Ljbffr
Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia Job Description
Minimum of three years experience in SAP Authorizations with at least 1-2 full SAP implementation cycles. Experience in implementing and maintaining these applications, in regards to application authorizations. Good understanding of the Industry's Best Practice and SAP Audit Guidelines. Must have knowledge of SAP Enterprise Portal (EP) and is able to setup EP roles. Good team player, responsible and conscientious. Preferably to have SAP Certification in User Administrations/Authorizations. Ability to design, develop and articulate solutions based on strategic business or technical requirements. Ability to work independently and efficiently, managing timelines and expectations, and producing high-quality deliverables (documentation, presentation, research). Expertise in implementing and maintaining authorizations/security solutions for SAP systems (e.g. ERP, EP, BW, HANA, GRC) for at least 6 years full-time (incl. minimum four years experience in SAP Authorizations); Good understanding of Industry's Best Practices and SAP Audit Guidelines; Enhanced knowledge of automated data protection controls Knowledge of the newest security developments, trends, and tools; Proven track record of IT projects where working in a key technology role (i.e. subject matter expert, solution architect, tech lead); Good leadership and project management skills, professional and team-oriented approach to work, a strong sense of responsibility, ability to distribute tasks, assess and manage risks, define and control performance metrics; Has analytical and process thinking skills can provide Business Analysis, properly estimate tasks and propose solution architecture, Demonstrates strong communication, collaboration, coaching and interpersonal skills, teaches and enables other team members;
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
5
Cyber Security Consultant
Kuala Lumpur, Kuala Lumpur
EY
Posted 16 days ago
Job Viewed
Job Description
EY Federal Territory of Kuala Lumpur, Malaysia Cyber Security Consultant
Cybersecurity is no longer just an IT issue—it's a business imperative. At EY, we help organizations protect their assets, minimize disruption, and build resilience as they embrace digital transformation. We're expanding our market-leading cybersecurity team and looking for passionate professionals to join us as
Senior Associates . If you're ready to lead impactful engagements, work with cutting-edge technologies, and help clients navigate complex security challenges, this is your chance. What you'll do: Lead cybersecurity projects and deliver high-quality solutions Assess risks, perform penetration testing, and implement security programs Support clients in areas like data protection, threat management, and incident response Collaborate with global teams and contribute to business development What we're looking for: 1+ year of experience in cybersecurity or IT consulting Strong analytical, communication, and project management skills Professional certifications (CISSP, OSCP, CEH, CISM, etc.) are a plus A team player who thrives in a fast-paced, innovative environment We are an equal opportunities employer and are committed to creating an inclusive environment for all employees.
#J-18808-Ljbffr
Cybersecurity is no longer just an IT issue—it's a business imperative. At EY, we help organizations protect their assets, minimize disruption, and build resilience as they embrace digital transformation. We're expanding our market-leading cybersecurity team and looking for passionate professionals to join us as
Senior Associates . If you're ready to lead impactful engagements, work with cutting-edge technologies, and help clients navigate complex security challenges, this is your chance. What you'll do: Lead cybersecurity projects and deliver high-quality solutions Assess risks, perform penetration testing, and implement security programs Support clients in areas like data protection, threat management, and incident response Collaborate with global teams and contribute to business development What we're looking for: 1+ year of experience in cybersecurity or IT consulting Strong analytical, communication, and project management skills Professional certifications (CISSP, OSCP, CEH, CISM, etc.) are a plus A team player who thrives in a fast-paced, innovative environment We are an equal opportunities employer and are committed to creating an inclusive environment for all employees.
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
Be The First To Know
About the latest Junior security consultant Jobs in Malaysia !
6
OT Security Consultant
Kuala Lumpur, Kuala Lumpur
Accenture Southeast Asia
Posted 16 days ago
Job Viewed
Job Description
Join to apply for the
OT Security Consultant
role at
Accenture Southeast Asia About Accenture Accenture
is a global collective of innovators whose aim is to improve the way the world works and lives. Empowered with innovative tools, continuous learning and a global community of diverse talent, we drive success in new business architecture that disrupts conventional practices. Now we are looking to add an experienced
OT Cybersecurity Consultant
(Operational Technology) Accenture Security
helps organizations prepare, protect, detect, respond to, and recover, at all points of the security lifecycle. We hire the very best security talent and arm them with the coolest tools and latest tech so they can help our clients build resilience as we create integrated, customized turnkey solutions. We blend risk strategy, digital identity, cyber defense, application security and managed service solutions to rethink the entire security lifecycle. The Role This is an exciting opportunity to involve and execute on ICS/OT security engagements in critical infrastructure and/or mission critical environments. In this role, you will assess, identify, and develop security solutions for OT environments. Responsibilities include helping clients access their security posture, recommending improvements, and implementing solutions. Assessments include security frameworks, existing security measures and alignment with best practices. What We Offer A work environment with a focus on your personal growth. You work together with talented colleagues from all over the world on challenging projects for the highest-ranked international businesses. Within Accenture, we offer our employees many learning opportunities in the area of capability and personal development. Here’s What You Need Minimum 3-5 years’ experience assessing against standards and frameworks including one or more of the following: DOE C2M2, IEC-62243/ISA-99, NIST CSF, NERC CIP, etc. Minimum 3-5 years’ experience working with ICS technologies and/or environments on one or more of the following: SCADA, DCS, EMS, DMS, ADMS, PCN, RTUs, IACS, PLCs, HMIs, etc. Minimum 3-5 years working with cybersecurity functions of one or more of the following: vulnerability assessment and management processes, identity and access management, incident response and monitoring, etc. Problem-solving ability and strong analytical skills Experience of working with diverse teams and is a team player Relevant certifications (CISSP, GICSP, GRID, GCIP, etc.). Keep abreast with the latest technology trends and predictions Ability to drive the creation of prototypes and proof of concepts Able to effectively communicate, interact and influence business and operational stakeholders and partners Ability to deliver innovative solutions and consistently demonstrate customer outcomes Accenture is an equal opportunities employer and welcomes applications from all sections of society and does not discriminate on the grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, or any other basis as protected by applicable law.
#J-18808-Ljbffr
OT Security Consultant
role at
Accenture Southeast Asia About Accenture Accenture
is a global collective of innovators whose aim is to improve the way the world works and lives. Empowered with innovative tools, continuous learning and a global community of diverse talent, we drive success in new business architecture that disrupts conventional practices. Now we are looking to add an experienced
OT Cybersecurity Consultant
(Operational Technology) Accenture Security
helps organizations prepare, protect, detect, respond to, and recover, at all points of the security lifecycle. We hire the very best security talent and arm them with the coolest tools and latest tech so they can help our clients build resilience as we create integrated, customized turnkey solutions. We blend risk strategy, digital identity, cyber defense, application security and managed service solutions to rethink the entire security lifecycle. The Role This is an exciting opportunity to involve and execute on ICS/OT security engagements in critical infrastructure and/or mission critical environments. In this role, you will assess, identify, and develop security solutions for OT environments. Responsibilities include helping clients access their security posture, recommending improvements, and implementing solutions. Assessments include security frameworks, existing security measures and alignment with best practices. What We Offer A work environment with a focus on your personal growth. You work together with talented colleagues from all over the world on challenging projects for the highest-ranked international businesses. Within Accenture, we offer our employees many learning opportunities in the area of capability and personal development. Here’s What You Need Minimum 3-5 years’ experience assessing against standards and frameworks including one or more of the following: DOE C2M2, IEC-62243/ISA-99, NIST CSF, NERC CIP, etc. Minimum 3-5 years’ experience working with ICS technologies and/or environments on one or more of the following: SCADA, DCS, EMS, DMS, ADMS, PCN, RTUs, IACS, PLCs, HMIs, etc. Minimum 3-5 years working with cybersecurity functions of one or more of the following: vulnerability assessment and management processes, identity and access management, incident response and monitoring, etc. Problem-solving ability and strong analytical skills Experience of working with diverse teams and is a team player Relevant certifications (CISSP, GICSP, GRID, GCIP, etc.). Keep abreast with the latest technology trends and predictions Ability to drive the creation of prototypes and proof of concepts Able to effectively communicate, interact and influence business and operational stakeholders and partners Ability to deliver innovative solutions and consistently demonstrate customer outcomes Accenture is an equal opportunities employer and welcomes applications from all sections of society and does not discriminate on the grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, or any other basis as protected by applicable law.
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
7
IT Security Consultant
Kuala Lumpur, Kuala Lumpur
Businesslist
Posted 16 days ago
Job Viewed
Job Description
Overview
Position: IT Security Consultant Job Purpose: This role is responsible to manage information risk, to ensure compliance of Security Standards practised by the services/organization and to provide security support on application, projects and to prevent the unintentional, unlawful, or unauthorized disclosure, alteration, or destruction of IT resources. Responsibilities
Responsible to manage operational IT Security for a high availability financial service and work on the reporting & improvement as well as facilitate in audits and trainings. To drive analysis & handling of security vulnerabilities & incidents. Establish, maintain and review compliance with Operational Security processes and procedures periodically and to ensure these are met and monitored. Establish, maintain and review strict access control to information and IT systems according to business needs and access policies. Perform Access Management activities (grant, change and revoke access privileges). Establish and maintain an environment that complies with the Payment Card Industry Standards & Requirements, the Information Security Management Framework and other applicable security standards and Baselines. Monitor and manage security controls (system settings, logs, alerts, audit trails, attempts, violations, faulty logons, lockouts, etc.). To work closely with clients/application/infrastructure owners in applying and implementing the new security changes/solutions (e.g., protection concept, security specifications, architecture and design, security assessment). Exposure and to work on Security Operation Center (SOC) Tools, maintenance and operations support. Preferred Skills
Knowledge/ Exposure on Baseline controls a.k.a environmental controls, application generic control, Third Party Access controls and Legal and Regulatory controls Understanding and exposure working with External auditors on ISAE 3402, PCI-DSS compliance and other mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008 . Internal Maintaining mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008 Self-starter who can work autonomously and independently and willing to learn and explore compliance and IT security. Good written and verbal communications, and ability to productively interact across internal/external stakeholders, auditors and functions. Broad understanding of security technology, IT security Standards and compliance. Qualifications
You have a university degree, followed by depth experience in the field of Governance or Compliance with focus on IT security. Overall 8-10 years working experience in IT industry with at least 5 years’ experience in IT Security & Compliance. Self-motivated and able to work independently as well as a team player. Good to have: - Cards and Payment domain knowledge, Exposure or understanding on PCI DSS, PCI PA-DSS, Security Industry standards, IT Security and Assurance, TIA Knowledge/ practice, Infrastructure Security Knowledge/ Practice, Multiple OS and AD Knowledge practice and SIEM Knowledge / Practice. - Experience in an IT operations-related field such as IT Security, IT Admin, Disaster Recovery or Maintenance of SOC tools Work Location : Kuala Lumpur Sub Specialization : Information Technology;IT Security Type of Employment : Permanent Minimum Experience : 8 Years
#J-18808-Ljbffr
Position: IT Security Consultant Job Purpose: This role is responsible to manage information risk, to ensure compliance of Security Standards practised by the services/organization and to provide security support on application, projects and to prevent the unintentional, unlawful, or unauthorized disclosure, alteration, or destruction of IT resources. Responsibilities
Responsible to manage operational IT Security for a high availability financial service and work on the reporting & improvement as well as facilitate in audits and trainings. To drive analysis & handling of security vulnerabilities & incidents. Establish, maintain and review compliance with Operational Security processes and procedures periodically and to ensure these are met and monitored. Establish, maintain and review strict access control to information and IT systems according to business needs and access policies. Perform Access Management activities (grant, change and revoke access privileges). Establish and maintain an environment that complies with the Payment Card Industry Standards & Requirements, the Information Security Management Framework and other applicable security standards and Baselines. Monitor and manage security controls (system settings, logs, alerts, audit trails, attempts, violations, faulty logons, lockouts, etc.). To work closely with clients/application/infrastructure owners in applying and implementing the new security changes/solutions (e.g., protection concept, security specifications, architecture and design, security assessment). Exposure and to work on Security Operation Center (SOC) Tools, maintenance and operations support. Preferred Skills
Knowledge/ Exposure on Baseline controls a.k.a environmental controls, application generic control, Third Party Access controls and Legal and Regulatory controls Understanding and exposure working with External auditors on ISAE 3402, PCI-DSS compliance and other mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008 . Internal Maintaining mandatory standards, health and safety, ISO/IEC 27001:2005, 27002:2005 and 27005:2008 Self-starter who can work autonomously and independently and willing to learn and explore compliance and IT security. Good written and verbal communications, and ability to productively interact across internal/external stakeholders, auditors and functions. Broad understanding of security technology, IT security Standards and compliance. Qualifications
You have a university degree, followed by depth experience in the field of Governance or Compliance with focus on IT security. Overall 8-10 years working experience in IT industry with at least 5 years’ experience in IT Security & Compliance. Self-motivated and able to work independently as well as a team player. Good to have: - Cards and Payment domain knowledge, Exposure or understanding on PCI DSS, PCI PA-DSS, Security Industry standards, IT Security and Assurance, TIA Knowledge/ practice, Infrastructure Security Knowledge/ Practice, Multiple OS and AD Knowledge practice and SIEM Knowledge / Practice. - Experience in an IT operations-related field such as IT Security, IT Admin, Disaster Recovery or Maintenance of SOC tools Work Location : Kuala Lumpur Sub Specialization : Information Technology;IT Security Type of Employment : Permanent Minimum Experience : 8 Years
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
8
Senior/Junior Information Security Consultant (Governance, Risk and Compliance)
Kelantan, Kelantan
Wizlynx Malaysia Sdn Bhd
Posted 16 days ago
Job Viewed
Job Description
Senior/Junior Information Security Consultant (Governance, Risk and Compliance)
Location: Malaysia
Job Summary and Mission This position contributes to the success of wizlynx group by performing the following: Responsible for development and operational activities across the entire scope of our clients' Security Governance, Risk and Compliance programs. The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in our clients' computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients' IT management. Serve as the primary contact point for issue escalation. Manage service support requirements and ensure that quality plan, KPIs/SLAs are met. Draft support SOP and documentation. Models and acts in accordance with wizlynx group guiding principles. With this position, you will also have the opportunity to get introduced to different areas of information and cyber security such as Offensive Security & Penetration Testing. Summary of Key Responsibilities Leads IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements. Works with our clients' IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry. Develops Vendor Risk Management policies and supports client’s risk profile assessment for vendor onboarding process and conducts annual review of critical vendors. Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews. Effectively reports and communicates testing results to client’s IT management for corrective action, where required. Conducts information security awareness training. Performs evidence collection and project management assistance of our clients' annual compliance (e.g. CREST, PCI DSS) certification program. Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place. Assist our clients with drafting and maintaining information security policies. Provides mentoring for other team members. Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services. Facilitates the performance and testing of our client’s annual disaster recovery tests and business continuity plans. Summary of Ideal Experience, Skills, Knowledge, and Abilities Ideal Experience a) Senior GRC role: A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred. b) Junior GRC role: One to two years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred. Strong understanding of and ability to provide security configuration and testing of networking and operating systems including TCP/IP, WAN/LAN routing, VLAN architecture, and a wide array of large-scale environments including various major web application servers. Strong understanding of information security principles such as ISO 27001, BNM GPIS, MAS TRM PCI-DSS, PDPA, and other regulatory compliance. Language Skills Fluent technical English (speech and writing). Ability to communicate clearly and concisely, both orally and in writing, in local language. Soft Skills Excellent team leadership, team-oriented and team player who takes ownership. Flexible attitude, reliable, action-oriented. Customer-friendly approach and appearance. Willingness to travel. Innovative to push new ideas, dynamic and forward-looking with clear management principles towards the team. Able to work independently, critical thinking and be able to communicate effectively with the support team and customers. Enjoys working in a global team with different cultures. Technical Skills and Abilities Microsoft OS and Office knowledge. Technical document writing. Experience in Project Management in IT. Knowledge in perimeter firewall infrastructure and VPN remote access. Summary of Education Bachelor's degree from an accredited college/university in an appropriate field. Certifications / Training CISM, CISA, CRISC, CISSP certified. KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS Achieve agreed targets/SLA/KPI in terms of quality, time and cost. Lead team members to achieve team/organizational goals. Improve and retain high customer satisfaction. POTENTIAL CAREER DEVELOPMENT Advance to higher business development tiers or geographic reach. APPLY NOW
Your Full Name Your Email Upload Resume Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.
#J-18808-Ljbffr
Location: Malaysia
Job Summary and Mission This position contributes to the success of wizlynx group by performing the following: Responsible for development and operational activities across the entire scope of our clients' Security Governance, Risk and Compliance programs. The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in our clients' computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients' IT management. Serve as the primary contact point for issue escalation. Manage service support requirements and ensure that quality plan, KPIs/SLAs are met. Draft support SOP and documentation. Models and acts in accordance with wizlynx group guiding principles. With this position, you will also have the opportunity to get introduced to different areas of information and cyber security such as Offensive Security & Penetration Testing. Summary of Key Responsibilities Leads IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements. Works with our clients' IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry. Develops Vendor Risk Management policies and supports client’s risk profile assessment for vendor onboarding process and conducts annual review of critical vendors. Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews. Effectively reports and communicates testing results to client’s IT management for corrective action, where required. Conducts information security awareness training. Performs evidence collection and project management assistance of our clients' annual compliance (e.g. CREST, PCI DSS) certification program. Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place. Assist our clients with drafting and maintaining information security policies. Provides mentoring for other team members. Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services. Facilitates the performance and testing of our client’s annual disaster recovery tests and business continuity plans. Summary of Ideal Experience, Skills, Knowledge, and Abilities Ideal Experience a) Senior GRC role: A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred. b) Junior GRC role: One to two years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred. Strong understanding of and ability to provide security configuration and testing of networking and operating systems including TCP/IP, WAN/LAN routing, VLAN architecture, and a wide array of large-scale environments including various major web application servers. Strong understanding of information security principles such as ISO 27001, BNM GPIS, MAS TRM PCI-DSS, PDPA, and other regulatory compliance. Language Skills Fluent technical English (speech and writing). Ability to communicate clearly and concisely, both orally and in writing, in local language. Soft Skills Excellent team leadership, team-oriented and team player who takes ownership. Flexible attitude, reliable, action-oriented. Customer-friendly approach and appearance. Willingness to travel. Innovative to push new ideas, dynamic and forward-looking with clear management principles towards the team. Able to work independently, critical thinking and be able to communicate effectively with the support team and customers. Enjoys working in a global team with different cultures. Technical Skills and Abilities Microsoft OS and Office knowledge. Technical document writing. Experience in Project Management in IT. Knowledge in perimeter firewall infrastructure and VPN remote access. Summary of Education Bachelor's degree from an accredited college/university in an appropriate field. Certifications / Training CISM, CISA, CRISC, CISSP certified. KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS Achieve agreed targets/SLA/KPI in terms of quality, time and cost. Lead team members to achieve team/organizational goals. Improve and retain high customer satisfaction. POTENTIAL CAREER DEVELOPMENT Advance to higher business development tiers or geographic reach. APPLY NOW
Your Full Name Your Email Upload Resume Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.
#J-18808-Ljbffr
Is this job a match or a miss?
This advertiser has chosen not to accept applicants from your region.
9