730 Military & Public Safety jobs in Malaysia

Overview

Join to apply for the Risk Manager, Third Party Security Risk role at Standard Chartered .

Get AI-powered advice on this job and more exclusive features.

We are looking for a passionate Third-Party Cybersecurity Risk Assessor to join our dynamic cybersecurity team. In this critical role, you will assess and manage the cybersecurity risks posed by third-party vendors, suppliers, and service providers, ensuring alignment with our organization's information and cyber security standards. You'll play a pivotal part in safeguarding sensitive data, protecting infrastructure, and enabling secure digital ecosystems in an ever-evolving threat landscape.

If you thrive in a fast-paced environment, are excited by emerging technologies and have a keen eye for risk and resilience, this opportunity is for you.

Our Technology & Operations (T&O) team is the powerhouse for the Bank. We aim to go further, faster, to ensure we're agile and ready for tomorrow, today. Our diverse network enables us to innovate and build banking solutions that support communities to prosper. We're a place where talented people are encouraged to grow, learn, and thrive, to drive their own career journeys, to reach their full potential. When you work with us, you’re protecting the reputation and legacy of a 170-year organisation and building on it. We’re driven by progress and continuously evolving to ensure we’re agile and ready for tomorrow, today.

• Strategy
  • The main responsibilities will be to support the Head of Third Party Security Risk in delivering the third party security risk program within the Bank.
• Business
  • Perform cybersecurity risk assessments on third-party vendors, suppliers, and service providers.
  • Lead due diligence assessments, security reviews, and continuous vendor risk monitoring.
  • Evaluate vendor responses to security questionnaires, attestations, and evidence artifacts.
  • Assess vendors' cybersecurity posture against standards like ISO 27001, NIST, GDPR, SOC 2, PCI-DSS, and best practices.
  • Analyse third-party cloud security controls, data protection measures, and threat management capabilities.
  • Document findings, provide risk ratings, remediation recommendations, and track actions to closure.
  • Partner with CISO, procurement, and business teams on vendor onboarding and contract renewals.
  • Continuously evolve and optimize third-party risk assessment methodologies and frameworks.
  • Leverage AI/ML tools and data analytics to enhance risk detection and predictive assessments.
  • Stay informed on the latest cybersecurity trends, threat intelligence, and regulatory developments.
  • Support audits, regulatory reviews, and compliance assessments related to third-party risk.
  • Communicate risk insights and reporting to executive leadership and stakeholders.
• Processes
  • Diligently provide weekly and ad hoc reporting on status of reviews.
  • Support any training and awareness initiatives relating to third party security risk.
  • Support and assist in third party program improvement initiatives.
  • Assist in the development of new/amended processes, innovative ways of working and reviewing risk and control assessments.
  • Assist in the forward planning and prioritisation of vendor assessments or requests from business stakeholders, and resource allocations.
• People & Talent
  • Manage a register of third party security risks and ensure that deficiencies are mitigated.
  • Support any training and awareness initiatives relating to third party security risk.
• Risk Management
  • Maintain a register of third party security risks and ensure that deficiencies are mitigated.
  • Support the Head of TPSR to ensure compliance with relevant regulations covering third party security risk.
  • Monitor and report on third party security risk compliance to stakeholders.
  • Remain current on industry trends and regulatory requirements related to third party information security.
• Governance
  • Diligently provide weekly and ad hoc reporting on status of reviews.
• Regulatory & Business Conduct
  • Display exemplary conduct and live by the Group’s Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
  • Exercise authorities delegated by the Board of Directors and act in accordance with Articles of Association (or equivalent).
• Key stakeholders
  • Supply Chain Management
  • Business Functions

• Bachelor degree or above from an accredited college/university in an appropriate field.
• Ideally 3 years of experience in information security / IT auditing, with Big 4 and/or Banking & Financial services experience.
• Experience in third party audits is a plus, but understanding of auditing standards, compliance, risk assessment and internal control frameworks is a requirement.
• Familiarity with working in a multinational or cross-cultural setting.
• Excellent written and interpersonal skills.
• Strong time management skills.
• Ability to draft reports that clearly communicate observations and risks.
• Strong stakeholder engagement skills, and ability to interact at all levels across an organisation.
• Strong audit project organisation and management skills.
• Ability to multitask and ensure that all key priorities are delivered as per agreed timelines.
• Preferred certifications (e.g. CISSP, CCSP, CISA).
• Knowledge of security frameworks (e.g. COBIT, ISF, COSO), standards (e.g. ISO, NIST, CIS), information security principles, security architecture and regulatory requirements will be a plus.
• Competency with Microsoft Office Suite (Word, PowerPoint, Excel, Visio, SharePoint).

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us. Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.

Some of our roles use assessments to help us understand how suitable you are for the role you've applied to. If you are invited to take an assessment, this is great news. It means your application has progressed to an important stage of our recruitment process.

Visit our careers website

Note: This is a refined, self-contained description and does not include disallowed formatting or extraneous content from the original version.

At EY, we’re all in to shape your future with confidence. We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. Join EY and help to build a better working world.

The opportunity: At EY, we are expanding our market-leading cyber security services to meet increasing client demand. We are seeking highly motivated Managers and Senior Managers to join our team, lead critical client engagements, and help drive our growth strategy.

Your Key Responsibilities : As a Manager / Senior Manager, you will be responsible for leading the delivery of cyber security engagements and managing client relationships. You will work closely with Partners and Directors to define solutions, oversee project execution, and develop new opportunities in the market.

• Leading end-to-end delivery of a portfolio of cyber security engagements, ensuring high quality output and client satisfaction.
• Building and maintaining trusted client relationships, acting as a strategic advisor to senior stakeholders.
• Developing engagement plans, budgets, and resourcing, while managing project risks and issues.
• Guiding and reviewing the work of engagement teams, providing coaching and constructive feedback.
• Driving business development initiatives – including proposal development, presentations, and thought leadership.
• Contributing to practice growth by identifying market trends, developing new service offerings, and building internal capabilities.

You will be responsible to deliver one or more of the following areas :

• Cybersecurity Management programs – governance, risk and compliance, security architecture, and technology/process controls.
• Threat & Vulnerability Management – risk assessments, penetration testing, threat modelling, and vulnerability management.
• Incident Detection & Response – developing SOC strategies, incident response playbooks, and crisis management.
• Data Protection & Privacy – GDPR/PDPA compliance, data governance, and privacy-enhancing technologies.
• Identity & Access Management – IAM strategy, access governance, and privileged access solutions.
• Business Continuity & Disaster Recovery – planning, implementation, and maturity assessments.

Skills And Attributes For Success

• Strong leadership skills with the ability to inspire, mentor, and develop teams.
• Proven ability to manage multiple engagements and stakeholders simultaneously.
• Strong business acumen and the ability to translate cyber risk into business impact.
• Excellent communication and presentation skills with the ability to influence senior stakeholders.
• A collaborative, innovative, and solutions-driven mindset.

To qualify for the role you must have

• A bachelor’s degree in computer science, information security, engineering, or a related field.
• Minimum 8–10 years of relevant work experience, with at least 3 years in a managerial role in cyber security, risk management, or technology consulting.
• Demonstrated experience leading client engagements and delivering complex security solutions.
• Related professional certifications such as CISSP, OSCP, CEH, CISM, CISA or equivalent.

Ideally, you’ll also have

• Experience in project/program management (PMP, PRINCE2, Agile, or equivalent).
• Proven experience in business development, proposals, and client relationship management.
• Experience supervising and coaching junior team members and building high-performing teams.
• Strong problem-solving and critical thinking skills.
• Demonstrated integrity and commitment to excellence within a professional environment.

What We Offer You : At EY, we’ll develop you with future-focused skills and equip you with world-class experiences. We’ll empower you in a flexible environment, and fuel you and your extraordinary talents in a diverse and inclusive culture of globally connected teams.

Technology Consulting - Cyber Security (Manager/ Senior Manager)

EY Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Overview

Cyber security is one of the most important risks facing businesses today. Systems, applications, and processes are becoming increasingly interconnected and automated and many organizations rely on technology to drive business strategy and growth. Our clients turn to EY for help and guidance on how to protect their assets, minimize business disruption and improve security as they transform their business with technology.

The opportunity

At EY, we are expanding our market-leading cyber security services. We are looking for excellent people to join our team and be part of our growth strategy.

Your Key Responsibilities

• Leading a portfolio of engagements and projects with our clients; reporting to a Director or Partner
• Managing and creating reports and ensuring the highest quality deliverables prior to Director’s and Partner’s review
• Contributing to developing the market for Cyber Security services across all sectors and identifying sales opportunities, escalating these to senior management
• Establishing client relationships with senior stakeholders across our clients and internal stakeholders
• Working with prospective clients to identify opportunities, scope engagements, and create high-quality proposals
• Advocating and championing Cyber Security services internally and to clients and the wider market
• Contributing to the creation of proposals and marketing material
• Managing engagements to time and budget
• Contributing to the development of the existing cyber risk team, mentoring and coaching junior team members and leading by example
• Contributing to latest thought-leadership, industry research and creation of marketing collateral relating to cyber security

Role scope

As a cyber security Manager/Senior Manager, you will be involved in one or more of the following:

• Perform security risk and controls assessments and/or penetration testing to evaluate and analyze threat, vulnerability, impact, risk and security issues for the business
• Assist clients in evaluating, enhancing or developing, and managing their:
• Cybersecurity management programs including technology controls, process controls, and governance, risk and compliance elements
• Business continuity and disaster recovery management programs
• Data protection and privacy management programs
• Threat and vulnerability management programs
• Security incident detection and response management programs
• Identity and access management programs

You are expected to

• Consistently deliver quality client services and manage expectations of client service delivery
• Stay abreast of current business and industry trends relevant to the client's business
• Demonstrate technical, risk capabilities and professional knowledge
• Remain current on new developments in advisory services capabilities and industry knowledge

Skills And Attributes For Success

A professional services background or comparable consulting experience is advantageous; candidates with strong industry experience and proven success managing transformation workstreams and conducting cyber discussions at senior management are encouraged to apply.

Technical focus areas

• Security strategy – assess, design and implement security strategy, governance frameworks over processes, controls, organization and infrastructure for cyber security
• Security transformation programmes – design and management of security solution implementations and remediation programmes
• Identity and access management (IDAM) – assess current IDAM practices and design improvements
• Breach and incident management – design and implementation of breach and major incident management practices
• Security policies and procedures – design and implementation of security policies, procedures, standards and controls aligned with regulation and standards (ISO27001, NIST, SANS)
• Data privacy and data protection – implementation of data protection/privacy programmes
• Resilience – design and implementation of IT Disaster Recovery and Business Continuity programs
• Security over operational technology and control systems (SCADA)
• Security architecture – creating secure architecture designs and patterns; architectural reviews using TOGAF or SABSA
• Security around emerging technology platforms – mobile devices, cloud services (IaaS, PaaS, SaaS), Big Data, Social media

To qualify for the role you must have

• A bachelor’s degree in computer science, computer/electrical engineering, information technology or related field
• Related professional certifications such as CISSP, CCSP, CISM, OSCP, etc
• Minimum 5 years for Managers or 8 years for Senior Managers of recent relevant work experience in information security or information technology
• Experience in client service delivery and the ability to manage multiple engagement teams and projects
• Project and program management related certification such as Prince2, Scrum, Agile, etc.

Ideally, you’ll also have

• Strong analytical and problem-solving skills
• Strong drive to excel professionally and to guide and motivate others
• Advanced written and verbal communication skills

What We Look For

Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry. You’ll be a confident leader with strong people management skills and a genuine passion to make a difference in a dynamic organization.

What We Offer

EY offers a competitive remuneration package commensurate with your work experience. We are committed to being an inclusive employer and are happy to consider flexible working arrangements guided by our Flexible Working Arrangements policy. We offer:

• Continuous learning: you’ll develop the mindset and skills to navigate whatever comes next
• Success as defined by you: tools and flexibility to make a meaningful impact, your way
• Transformative leadership: insights, coaching and confidence to be the leader the world needs
• Diverse and inclusive culture: you’ll be embraced for who you are and empowered to use your voice

EY is an equal opportunity employer. If you can demonstrate that you meet the criteria above, please apply. The Exceptional EY Experience. It’s Yours To Build.

EY | Building a better working world. Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

• Mid-Senior level

• Full-time

• Information Technology

• Professional Services

At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too.

The Opportunity

EY is seeking a passionate Cyber OT (Operational Technologies), Industrial Control Systems (ICS) security and / or IoT expert to join a world leading practice focused on protecting mission critical systems and national critical infrastructures. This role is a critical part of an operational service to protect some of the world’s leading organizations from Cyber threats that span more than just IT.

As a Consultant/Senior Consultant in OT Cyber security, you will support in preparing solutions for moderately complex projects - or for elements of highly complex projects – also you will be supporting client presentations and in designing proposals and be engaged in on-site and off-site delivery.

Drawing on your skills and experience, you will contribute to creating innovative insights for clients, adapt methods and practices to fit operational team and cultural needs, and contribute to thought leadership. In addition, you will support the packaging of overall project findings into clear, concise, high-quality work products.

Key Responsibilities :

• Lead comprehensive assessments of OT systems, networks, and assets to identify and mitigate potential security risks.
• Manage key engagement metrics and finances
• Design and oversee the implementation of advanced security policies and strategies tailored to the unique needs of OT environments.
• Foster the integration of OT and IT security practices to create a unified defense architecture.
• Champion training and development programs to elevate security awareness and best practices across client organizations.
• Engage with clients at a strategic level, delivering exceptional service and identifying new avenues for EY to provide value.
• Keep a pulse on industry developments and leverage this knowledge to drive innovation within EY's OT security offerings.

Qualifications :

• Bachelor's degree in Computer Science, Cyber Security, Engineering, or a related field, with a master's degree preferred.
• At least 5 years of experience in OT security, with a proven track record of leadership in this domain.
• Professional certifications such as GICSP, IEC 62443, CEH, CISA, OSCP, CISSP,or CISM are highly regarded.
• Strong leadership skills with the ability to manage and inspire a team of professionals.
• Excellent communication and interpersonal skills, capable of engaging with clients and stakeholders at all levels.
• A strategic thinker with a resourceful mindset, adept at navigating complex challenges and driving team performance.

Skills and attributes for success

• Strong analytical and problem-solving skills
• Strong drive to excel professionally, and to guide and motivate others
• Advanced written and verbal communication skills
• Dedicated, innovative, resourceful, analytical and able to work under pressure
• Foster an efficient, innovative and team-oriented work environment

What we offer

EY offers a competitive remuneration package commensurate with your work experience, where you’ll be rewarded for your individual and team performance. We are committed to being an inclusive employer and are happy to consider flexible working arrangements, guided by our FWA Policy. Plus, we offer:

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY is an equal opportunities employer and welcomes applications from all candidates.

Cyber security is one of the most important risks facing businesses today. Systems, applications, and processes are becoming increasingly interconnected and automated and many organizations are now reliant upon technology to drive business strategy and growth.

Our clients are turning to EY for help and guidance on how to protect their assets, minimize business disruption and improve security as they continue to exploit technology to transform their business

The opportunity

At EY, we are expanding our already market leading cyber security services. We need excellent people, across all grades, to join our team and be part of our exciting growth strategy.

Your key responsibilities

As a Senior Associate/ Manager, you will lead the cyber security engagements and projects for our client. They may include implementation of security solutions for our clients and support the clients in their desire to protect the business. You will belong to an international connected team of specialists helping our clients with their most complex information security needs and contributing toward their business resilience.

You will have a responsibility for:

Senior Associate:

• Working across a portfolio of cyber engagements with our clients, reporting to a Manager or Senior Manager, responsible for the day to day completion of engagements and projects
• Working with team members you will create high quality reports, ready for review by a Manager or Senior Manager
• Where possible, you will identify opportunities for EY to assist our clients further and escalate these potential areas to the engagement manager
• Working with the engagement manager you will assist with the planning and delivery phases of engagements
• Contributing to the creation of proposals and marketing material
• Perform security risk and controls assessments and/or penetration testing to evaluate and analyze threat, vulnerability, impact, risk and security issues to Business.
• Assist client in evaluating, enhancing or developing, and managing their:
• Cybersecurity Management programs including technology controls, process controls, and governance, risk and compliance elements

Manager:

• Leading a portfolio of engagements and projects with our clients; reporting to a Director or Partner
• Managing and creating reports and via review ensuring the highest quality deliverables prior to Director’s and Partner’s review
• Contributing to developing the market for Cyber Security services across all sectors and identify sales opportunities and escalating these to senior management
• Establishing client relationships with senior stakeholders across our clients including internal stakeholders
• Working with prospective clients to identify opportunities, scope engagements, and create high quality proposals
• Advocating and championing Cyber Security service both internally to our wider network of colleagues and to our clients and the wider market
• Contributing to the creation of proposals and marketing material
• Managing engagements to time and budget
• Contributing to the development of the existing cyber risk team acting as mentor and coach to the junior members of the team and leading by example
• Contributing to the latest thought-leadership, industry research and creation of marketing collateral relating to cyber security
• Perform security risk and controls assessments and/or penetration testing to evaluate and analyze threat, vulnerability, impact, risk and security issues to Business.
• Assist client in evaluating, enhancing or developing, and managing their:
• Cybersecurity Management programs including technology controls, process controls, and governance, risk and compliance elements
• Business Continuity and Disaster Recovery Management programs
• Data Protection and Privacy management programs
• Threat and Vulnerability Management programs
• Security Incident Detection and Response management programs
• Identity and access management programs

Skills and attributes for success

• Strong analytical and problem-solving skills
• Strong drive to excel professionally, and to guide and motivate others
• Advanced written and verbal communication skills
• Dedicated, innovative, resourceful, analytical and able to work under pressure
• Foster an efficient, innovative and team-oriented work environment

To qualify for the role you must have

• A bachelor’s degree in computer science, computer/ electrical engineering, information technology or a related field
• Minimum 2 years for senior associate & minimum 5 years for Manager of recent relevant work experience in information security or information technology discipline, preferably in a technology consulting role with a leading management consultancy organization or professional services firm
• Experience in client service delivery and be able to manage multiple engagement teams and projects
• Related professional certifications such as CISSP, OSCP, CEH, CISM, etc.

Ideally, you’ll also have

• Experience in coaching and supervising junior team members
• A team player with good communication and interpersonal skills
• Creative, independent with good problem solving skills
• Proactive, dedicated, innovative, resourceful, strong analytical and able to work under pressure
• Analytical, Advanced report-written and verbal communication skills and presentation skills
• Demonstrated integrity within a professional environment

What we look for

Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry. An effective communicator, you’ll be a confident leader equipped with strong people management skills and a genuine passion to make things happen in a dynamic organization. If you’re ready to take on a wide range of responsibilities, and are committed to seeking out new ways to make a difference, this role is for you.

What we offer

EY offers a competitive remuneration package commensurate with your work experience,where you’ll be rewarded for your individual and team performance. We are committed tobeingan inclusive employer and are happy to consider flexible working arrangements(FWA), where this may be needed, guided by our FWA Policy. Plus, we offer:

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

Direct message the job poster from HFG Insurance Recruitment

Key Accountabilities

• Manage and engineer endpoint protection solutions , including Microsoft Defender for Endpoint and CrowdStrike Falcon.
• Develop, enforce, and maintain endpoint hardening standards , ensuring secure configurations throughout the asset lifecycle.
• Align endpoint security initiatives with the broader Information Security strategic roadmap .
• Automate security operations using scripting languages (e.g., PowerShell, Python, KQL) to improve efficiency and consistency.
• Manage and maintain configuration scanning policies to ensure compliance with CIS Benchmarks and internal hardening standards.
• Collaborate with cross-functional teams to deliver endpoint security programs on time and within budget.
• Define and manage device control policies , ensuring compliance with regulatory and internal requirements.
• Support integration and policy enforcement through platforms such as Microsoft Intune.
• Drive successful delivery of network security projects , ensuring alignment with Group Information Security strategies and business objectives.
• Build awareness and provide support to Group IT Security, Group IT, and Business Units IT, to ensure understanding of security solutions and processes across the organization.
• Lead IT Security Engineering initiatives and projects , including solution selection, architecture definition, operations framework, and continuous improvement.
• Collaborate with business units and cross-functional teams to ensure consistent execution of security initiatives.
• Partner with the Head of IT Security Engineering and Group CISO to track and report on program progress and risks, providing regular updates to management.
• Provide technical leadership and mentorship to junior engineers and project teams.
• Continuously evaluate and recommend emerging technologies to strengthen the security landscape.

Experience

• Minimum of 8 years’ experience in IT Security Management, preferably within the Financial Services industry .
• Demonstrated success in delivering endpoint security projects and managing enterprise-grade security solutions.
• Regional exposure in IT Security Technical or Engineering roles .
• Strong analytical and problem-solving abilities , with a proactive and collaborative mindset.
• Bachelor’s degree in Information Technology or a related discipline.
• Hands-on technical expertise across the NIST Cybersecurity Framework domains : Identify, Protect, Detect, Respond, and Recover.
• Good understanding of cloud environments and how networks operate within cloud architectures.

Knowledge & Technical Skills

• Relevant Information Security and Cloud certifications ; CISSP (or equivalent) is an advantage.
• Proficiency in scripting and automation tools to streamline security operations.
• Proven track record in designing and implementing endpoint security solutions .
• Strong interpersonal and influencing skills to drive adoption and enforcement of IT Security Engineering programs.
• Excellent communication and presentation skills for engaging with stakeholders at all levels.

Seniority level : Mid-Senior level

Employment type : Full-time

Job function : Information Technology

Industries : Insurance

Cyber security is one of the most important risks facing businesses today. Systems, applications, and processes are becoming increasingly interconnected and automated and many organizations are now reliant upon technology to drive business strategy and growth.

Our clients are turning to EY for help and guidance on how to protect their assets, minimize business disruption and improve security as they continue to exploit technology to transform their business.

At EY, we are expanding our already market leading cyber security services. We need excellent people, across all grades, to join our team and be part of our exciting growth strategy.

As a Manager/ Senior Manager in the EY cyber security practice, you will lead and manage teams to deliver security engagement with our clients. You will contribute technical insights to client engagements. An important part of your role will be to actively establish, maintain and strengthen internal and external relationships. You'll also identify potential business opportunities for EY within existing engagements and escalate these as appropriate.

You will have responsibility for:

• Leading a portfolio of engagements and projects with our clients; reporting to a Director or Partner
• Managing and creating reports and via review ensuring the highest quality deliverables prior to Director’s and Partner’s review
• Contributing to developing the market for Cyber Security services across all sectors and identify sales opportunities and escalating these to senior management
• Establishing client relationships with senior stakeholders across our clients including internal stakeholders
• Working with prospective clients to identify opportunities, scope engagements, and create high quality proposals
• Advocating and championing Cyber Security service both internally to our wider network of colleagues and to our clients and the wider market
• Contributing to the creation of proposals and marketing material
• Managing engagements to time and budget
• Contributing to the development of the existing cyber risk team acting as mentor and coach to the junior members of the team and leading by example
• Contributing to the latest thought-leadership, industry research and creation of marketing collateral relating to cyber security

As a cyber security Manager/Senior Manager, you will be involved in one or more of the below:

• Perform security risk and controls assessments and/or penetration testing to evaluate and analyze threat, vulnerability, impact, risk and security issues to Business.
• Assist client in evaluating, enhancing or developing, and managing their:
  • Cybersecurity Management programs including technology controls, process controls, and governance, risk and compliance elements
  • Business Continuity and Disaster Recovery Management programs
  • Data Protection and Privacy management programs
  • Threat and Vulnerability Management programs
  • Security Incident Detection and Response management programs
  • Identity and access management programs

You are expected to:

• Consistently deliver quality client services and manage expectations of client service delivery.
• Stay abreast of current business and industry trends relevant to the client's business.
• Demonstrate technical, risk capabilities and professional knowledge.
• Remain current on new developments in advisory services capabilities and industry knowledge.

A professional services background or comparable consulting experience is advantageous, although some of our strongest performers come directly from industry therefore candidates with excellent industry experience and demonstrable success managing transformation workstreams and proven experience of conducting cyber discussions at senior management are also encouraged to apply.

A broad background across security is expected with specific experience in one or more of the following areas are essential:

• Security strategy - assess, design and implement security strategy, governance frameworks over processes, controls, organisation and infrastructure to management of cyber security
• Security transformation programmes – design and management of security solution implementations and / or remediation programmes to address risks
• Identity and access management (IDAM) - assessing current IDAM practices and designing solutions to improve IDAM processes, privileged access and recertification programmes.
• Breach and incident management - design and implementation of breach and major incident management practices
• Security policies and procedures - design and implementation of security policies, procedures, standards and controls in line with regulation and/or current standards, ISO27001, NIST, SANS etc.
• Data privacy and data protection - implementation of data protection and/or privacy programmes to address confidentiality and security of personal data
• Resilience - design and implementation of programmes to improve IT Disaster Recovery, Business Continuity
• Security over operational technology and control systems (SCADA)
• Security architecture – creating secure architecture designs for solutions, designing secure patterns for reuse and the delivery of architectural reviews using TOGAF or SABA
• Security around emerging technology platforms – mobile device platforms (iOS, Android), cloud services (IaaS, PaaS, SaaS), Big Data, Social media

• A bachelor’s degree in computer science, computer/ electrical engineering, information technology or a related field
• Related professional certifications such as CISSP, CCSP, CISM, OSCP, etc
• Minimum 5 years for Managers or 8 years for Senior Managers of recent relevant work experience in information security or information technology discipline
• Experience in client service delivery and be able to manage multiple engagement teams and projects
• Project and program management related certification such as Prince, Scrum, Agile, etc.

• Strong analytical and problem-solving skills
• Strong drive to excel professionally, and to guide and motivate others
• Advanced written and verbal communication skills

Highly motivated individuals with excellent problem-solving skills and the ability to prioritize shifting workloads in a rapidly changing industry. An effective communicator, you’ll be a confident leader equipped with strong people management skills and a genuine passion to make things happen in a dynamic organization. If you’re ready to take on a wide range of responsibilities, and are committed to seeking out new ways to make a difference, this role is for you.

EY offers a competitive remuneration package commensurate with your work experience, where you’ll be rewarded for your individual and team performance. We are committed to being an inclusive employer and are happy to consider flexible working arrangements (FWA), where this may be needed, guided by our FWA Policy. Plus, we offer:

• Continuous learning: You’ll develop the mindset and skills to navigate whatever comes next.
• Success as defined by you: We’ll provide the tools and flexibility, so you can make a meaningful impact, your way.
• Transformative leadership: We’ll give you the insights, coaching and confidence to be the leader the world needs.
• Diverse and inclusive culture: You’ll be embraced for who you are and empowered to use your voice to help others find theirs.

EY is an equal opportunities employer and welcomes applications from all sections of the community.

Overview

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on.

About the Role

This role leads the organization’s cybersecurity strategy, ensuring the protection of systems, data, and operations. It oversees advanced threat detection, coordinated incident response, and comprehensive vulnerability management. The role also drives application security initiatives, including penetration testing and secure development practices. In addition, it ensures compliance with regulatory standards and manages the implementation of key security technologies. The manager fosters a strong security culture across teams and collaborates with stakeholders to align security initiatives with broader business objectives.

• Lead the development and execution of the organization’s cybersecurity strategy to safeguard systems, data, and operations.

• Manage advanced threat detection, coordinated incident response, vulnerability management, and application security initiatives, including penetration testing and secure development practices.

• Ensure compliance with cybersecurity regulations and standards, with a strong understanding of Bank Negara Malaysia’s Risk Management in Technology (RMiT) guidelines—particularly in areas such as access control, authentication, data protection, and third-party risk.

• Oversee the implementation and continuous optimization of key security technologies across infrastructure, cloud environments, and applications.

• Develop and maintain key performance indicators (KPIs) and control measures to monitor the effectiveness of cybersecurity programs and drive continuous improvement.

• Promote cybersecurity awareness and best practices across teams, fostering a culture of shared responsibility and vigilance.

• Collaborate with business and technology stakeholders to align security initiatives with organizational goals and overall risk appetite.

Education & Certification

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.

• Professional certifications such as CISSP, CISM, or equivalent are strongly preferred.

Experience

• Minimum 4–8 years of relevant experience in cybersecurity, with at least 3 years in a leadership or managerial role.

• Proven track record in managing threat detection, incident response, vulnerability management, and application security.

Technical & Regulatory Knowledge

• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and technologies (e.g., SIEM, EDR, IAM).

• Solid grasp of regulatory requirements, especially Bank Negara Malaysia’s RMiT guidelines.

Leadership & Communication Skills

• Ability to lead cross-functional teams and influence stakeholders at all levels.

• Strong communication skills to convey technical risks and strategies to non-technical audiences.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.

Are you ready to shape a better tomorrow?

AIA Digital+ is a Technology, Digital and Analytics innovation hub dedicated to powering AIA to be more efficient, connected and innovative as it fulfils its Purpose to help millions of people across Asia-Pacific live Healthier, Longer, Better Lives.

If you are hungry and driven to play an active role in shaping a better tomorrow, we want to hear from you. Because the work we do at AIA Digital+ makes a difference in the lives of millions of people, every day. We will equip you with the critical skills, tools and technology, and endless opportunities to learn, contribute and thrive in a dynamic and exciting environment.

If you want to shape a brighter future at AIA Digital+, please read on.

To ensure the security and integrity of AIA's information systems and cyber environment, the role involves:

• Developing AIA's information technology security procedures and overall cyber security framework
• Evaluating, testing, recommending, coordinating, supervising and maintaining IT security policies, procedures and systems including access management for both hardware and software
• Designing, implementing and tackling various information systems and cyber security software to identify security risks and exposures
• Resolving causes of security violations and suggesting procedures to halt future incidents
• Conducting evaluation and testing of hardware and software for possible impact on system security
• Investigating and resolving security incidents such as intrusion, frauds, cyber attacks or data leakage

• Medical insurance
• Work life balance
• Hybrid working arrangement
• Learning & development

Unleash your potential and join us now! Build a career with us as we help our customers and the community live healthier, longer, better lives.

Please note that you must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.