14 Security Assessment jobs in Malaysia

Black Hat SEO Specialist (Cybersecurity & Penetration Testing Expert)

About the Job: Nationality: Any from South East Asia Employment Type: Full-time Experience: Minimum 1 year in Black Hat SEO & Cybersecurity Job Description: We are seeking a Black Hat SEO Specialist with cybersecurity and penetration testing experience to manipulate search engine rankings, exploit algorithm weaknesses, and counteract negative SEO threats. This role requires expertise in offensive SEO tactics, security vulnerabilities, and hacking search engine algorithms. As part of our SEO and security team, you will execute aggressive ranking strategies, analyze SEO loopholes, and develop attack & defense mechanisms to maintain dominance in search results. Key Responsibilities: Exploit search engine algorithms to gain ranking advantages. Automated backlink building (PBNs, spam networks). CTR (Click-Through Rate) manipulation. Reverse-engineering search engine penalties & filters. Conduct penetration testing on web assets to identify SEO vulnerabilities. Perform negative SEO strategies to counter competitor rankings. Reverse-engineer anti-spam algorithms to bypass ranking restrictions. Use security testing tools (Nmap, SQLMap, Burp Suite, Metasploit, Nessus, AWVS) for SEO-driven exploits. Automate SEO attacks & defenses using Python, Shell scripting, CMD, and PowerShell. Detect and counter spam link attacks, site cloning, and SERP poisoning. Collaborate with the SEO team to integrate offensive and defensive ranking strategies. Required Skills & Qualifications: 1+ years of experience in Black Hat SEO & Cybersecurity. Deep understanding of Google algorithm manipulation & SEO exploits. Proficiency in Black Hat SEO tools (GSA SER, Scrapebox, XRumer, SEnuke, etc.). Strong knowledge of automated traffic bots & AI-based ranking manipulation. Experience with cloaking techniques, geo-targeting tricks, and user-agent spoofing. Familiarity with PBN networks, backlink automation, and anchor text. Expertise in penetration testing tools & ethical hacking methods to analyze SEO vulnerabilities. Strong analytical skills to bypass search engine filters & penalties. Preferred Qualifications (Bonus Points): Certifications in OSCP, CEH, CISSP, GPEN (or equivalent). Experience with black hat affiliate marketing & underground SEO strategies. Knowledge of AI-powered SEO automation & adversarial machine learning for search engines. Understanding of zero-day SEO exploits & algorithm reverse-engineering. Why Join Us? Work with an elite team of Black Hat SEO & cybersecurity specialists. Gain access to premium SEO hacking tools & exclusive ranking strategies. Competitive salary, bonuses, and fast career growth. Push the boundaries of SEO & cybersecurity innovation. If you are a Black Hat SEO expert who understands penetration testing and search engine exploits.

#J-18808-Ljbffr

Information Security & Cloud Compliance Specialist Information Security & Cloud Compliance Specialist

2 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

We are looking for a highly motivated and experienced Information Security & Cloud Compliance Specialist to lead our organization's journey towards ISO/IEC 27001 certification and strengthen our overall cloud and internal IT security posture. This role will be pivotal in building and maintaining our Information Security Management System (ISMS), managing IT asset governance, and addressing client security compliance requirements.

You will also be responsible for guiding and supervising a junior executive, who will support the implementation and daily management of our internal controls.

Key Responsibilities

• ISO/IEC 27001 Implementation & Governance
• Lead the planning and execution of ISO/IEC 27001 implementation across the organization
• Conduct risk assessments, gap analyses, and drive remediation efforts
• Develop and maintain ISMS policies, procedures, and documentation
• Coordinate with internal teams to implement and monitor security controls
• Prepare for internal audits and manage external certification activities

2. Cloud Security & Governance

• Define and implement security controls across cloud platforms (e.g., Alibaba Cloud, Google Cloud Platform)
• Perform cloud configuration reviews, identity and access management checks, and vulnerability assessments
• Work with DevOps/Infra teams to enforce secure cloud deployment practices
• Monitor cloud environments for potential threats and respond to security incidents

3. Internal IT & Asset Security

• Establish and maintain an IT asset inventory (hardware, software, digital assets) in line with ISO 27001 controls
• Define policies for asset ownership, classification, labelling, and acceptable use
• Ensure internal systems such as Active Directory are securely configured and maintained
• Collaborate with internal IT support to implement and monitor endpoint and network security

4. Client Security Compliance & Support

• Act as the primary point of contact for client security reviews and due diligence requests
• Respond to RFPs, vendor security questionnaires, and client audits
• Provide documentation and assurance aligned with ISO 27001, PDPA, and other industry frameworks

5.Security Monitoring & Incident Response

• Develop and maintain incident response plans, including investigation, reporting, and corrective actions
• Monitor security events and coordinate incident response activities with internal teams
• Maintain security logs, reports, and metrics for audits and continual improvement
• Supervise and mentor a junior executive supporting policy enforcement, documentation, and control tracking
• Assign and review tasks to ensure quality and timeliness of ISMS initiatives
• Promote a culture of security awareness across the organization

Qualifications

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related discipline
• At least 3 years of hands-on experience in IT security, cloud security, or compliance-related roles
• Proven experience in ISO/IEC 27001 implementation or audits
• Familiarity with cloud security practices on platforms like Alibaba Cloud or GCP
• Knowledge of IT asset management processes and internal IT control frameworks
• Good understanding of Malaysian regulations such as PDPA and industry data protection standards
• Excellent interpersonal and communication skills; able to work across business and technical teams
• Able to work independently and take initiative in a fast-paced environment

Bonus

• Certification in ISO 27001 Lead Implementer , CompTIA Security+ , CISSP , or Cloud Security Certifications
• Experience with SIEM tools , cloud monitoring , or security automation
• Familiarity with IT service management tools (e.g., Jira, ServiceNow)
• Basic scripting/automation knowledge (e.g., Python, Bash)

Seniority level

• Seniority level Mid-Senior level

Employment type

• Employment type Full-time

Job function

• Job function Information Technology
• Industries IT Services and IT Consulting

Referrals increase your chances of interviewing at WISE AI by 2x

Get notified about new Information Security Specialist jobs in Subang Jaya, Selangor, Malaysia .

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 months ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 6 months ago

Petaling Jaya, Selangor, Malaysia 2 days ago

Wilayah Persekutuan Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 4 days ago

Federal Territory of Kuala Lumpur, Malaysia 5 days ago

Petaling Jaya, Selangor, Malaysia 6 days ago

Intern, Identity Access Management (IAM) - IT Security

Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Security Operations Center Analyst (SOC Analyst)

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 days ago

Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago

Internship - Network & Information Security Engineer

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 6 months ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 6 months ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 5 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Federal Territory of Kuala Lumpur, Malaysia 4 days ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 2 days ago

Senior Information Security Specialist (Supplier Security)

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Federal Territory of Kuala Lumpur, Malaysia 3 weeks ago

WP. Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 month ago

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 1 week ago

Information Security and Digital Risk Management - AM

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 3 months ago

Information security Engineering specialist

Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia 5 days ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

About us:

Here at Tarro we build products that empower small brick and mortar restaurants by liberating them of the operational burden of running their business. We accomplish this by providing a frictionless connection between them and their customers through our platform. In-turn empowering them to focus on creating a better experience for their customers while helping their business thrive.

We obsess over placing our customers first and working backwards from there. When our customers succeed, we succeed!

To learn more about our culture, values and how you can be a part of helping mom & pop restaurants thrive, please visit us here !

What we’re looking for:

We are seeking a highly skilled and experienced Sr Manager of Information Security and Compliance to lead our organization’s information security strategy and operations. The ideal candidate will have a robust background in both cloud and on-premise infrastructure, a deep understanding of data privacy regulations, and extensive experience with PCI DSS compliance and other security frameworks. As a player-coach, the Sr Manager of Information Security will be both a hands-on contributor and a strategic leader, capable of designing, implementing, and managing comprehensive security measures while leading and developing a team of security professionals.

What you will accomplish:

• You will develop and execute a comprehensive information security strategy aligned with business objectives, regulatory requirements, and risk profiles

• You will ensure compliance with relevant data privacy regulations, including PCI DSS, Philippines/Malaysia’s DPAs, CCPA, and others as needed

• You will maintain and ensure compliance with the company’s information security management system

• You will lead the design, implementation, and maintenance of secure cloud-based and on-premise infrastructure spanning our product and corporate environments

• You will work closely with internal stakeholders across various departments to ensure alignment on security practices and initiatives.

• You will grow and manage a team of information security professionals

• You will participate in production support and data breach incidents and drills

• You will stay current with emerging security threats, vulnerabilities, and technologies, and proactively adjust security measures as necessary.

One year deliverables:

• Readiness for PCI DSS Level I audit

• Compliance with CCPA and the Data Privacy Acts of the Philippines and Malaysia

• Role-based access control

• Solution for workstation management and BYOD at scale

About you:

• You have between 8 and 10 years of IT experience with five or more years leading a team

• You have experience implementing and managing the following services:

  • Information security management frameworks (PCI DSS, ISO 27001, SOC 2, etc.)

  • Data privacy frameworks (GDPR, CCPA, etc.)

  • Identity management systems and role-based access control

  • Workstation and BYOD management applications

  • Security best practices for hybrid (cloud+on-premise) product and corporate infrastructure

• You enjoy being a hands-on contributor, an influencer, and a leader, in equal measure

• You have strong prioritization and project management skills

• You are resourceful and are comfortable working independently in ambiguous situations

• You are willing to work in-office 5 days a week, starting at 3am PHT Tuesday-Saturday to align with US hours

Bonus points:

• You have completed green-field security framework implementations at startups or other small-to-midsize companies

• You have experience with scripting and APIs

• You have a practical, business-oriented approach to security practices

• You are open and willing to take on additional responsibilities that may be outside of this role. We are a growing company!

If you do not meet all the requirements listed above which candidates rarely do, don't worry. We still encourage you to apply!

Tarro is committed to hiring the best team to empower small businesses to thrive. We believe that a diverse workforce is paramount to our success. We welcome talent from all backgrounds - including but not limited to - race, sexual orientation, gender identity, age, nationality, religion, veteran status, political affiliation, and disability.

#J-18808-Ljbffr

About us: Here at Tarro we build products that empower small brick and mortar restaurants by liberating them of the operational burden of running their business. We accomplish this by providing a frictionless connection between them and their customers through our platform. In-turn empowering them to focus on creating a better experience for their customers while helping their business thrive. We obsess over placing our customers first and working backwards from there. When our customers succeed, we succeed! To learn more about our culture, values and how you can be a part of helping mom & pop restaurants thrive, please visit us

here ! What we’re looking for: We are seeking a highly skilled and experienced Sr Manager of Information Security and Compliance to lead our organization’s information security strategy and operations. The ideal candidate will have a robust background in both cloud and on-premise infrastructure, a deep understanding of data privacy regulations, and extensive experience with PCI DSS compliance and other security frameworks. As a player-coach, the Sr Manager of Information Security will be both a hands-on contributor and a strategic leader, capable of designing, implementing, and managing comprehensive security measures while leading and developing a team of security professionals. What you will accomplish: You will develop and execute a comprehensive information security strategy aligned with business objectives, regulatory requirements, and risk profiles

You will ensure compliance with relevant data privacy regulations, including PCI DSS, Philippines/Malaysia’s DPAs, CCPA, and others as needed

You will maintain and ensure compliance with the company’s information security management system

You will lead the design, implementation, and maintenance of secure cloud-based and on-premise infrastructure spanning our product and corporate environments

You will work closely with internal stakeholders across various departments to ensure alignment on security practices and initiatives.

You will grow and manage a team of information security professionals

You will participate in production support and data breach incidents and drills

You will stay current with emerging security threats, vulnerabilities, and technologies, and proactively adjust security measures as necessary.

One year deliverables: Readiness for PCI DSS Level I audit

Compliance with CCPA and the Data Privacy Acts of the Philippines and Malaysia

Role-based access control

Solution for workstation management and BYOD at scale

About you: You have between 8 and 10 years of IT experience with five or more years leading a team

You have experience implementing and managing the following services: Information security management frameworks (PCI DSS, ISO 27001, SOC 2, etc.)

Data privacy frameworks (GDPR, CCPA, etc.)

Identity management systems and role-based access control

Workstation and BYOD management applications

Security best practices for hybrid (cloud+on-premise) product and corporate infrastructure

You enjoy being a hands-on contributor, an influencer, and a leader, in equal measure

You have strong prioritization and project management skills

You are resourceful and are comfortable working independently in ambiguous situations

You are willing to work in-office 5 days a week, starting at 3am PHT Tuesday-Saturday to align with US hours

Bonus points: You have completed green-field security framework implementations at startups or other small-to-midsize companies

You have experience with scripting and APIs

You have a practical, business-oriented approach to security practices

You are open and willing to take on additional responsibilities that may be outside of this role. We are a growing company!

If you do not meet all the requirements listed above which candidates rarely do, don't worry. We still encourage you to apply! Tarro is committed to hiring the best team to empower small businesses to thrive. We believe that a diverse workforce is paramount to our success. We welcome talent from all backgrounds - including but not limited to - race, sexual orientation, gender identity, age, nationality, religion, veteran status, political affiliation, and disability.

#J-18808-Ljbffr

Company overview

A pioneer & industry leader in cloud-based transformative technologies for business supply chains through collaborative platforms. As a result of rapid expansion, they are looking to bring on board an excellent IT Security Executive to support their team.

The new role

1. Participate and develop IT Security policies, guidelines, checklists and standards in software services regulatory compliance assessments and relevant control discussions.
2. Monitor ongoing compliance with IT Security policies, procedures and guidelines. Good knowledge on Cybersecurity framework.
3. Providing and maintaining the necessary documentation to demonstrate compliance with the ISO 27001 but not limited to policies, procedures, templates, forms and ensuring that they are kept up to date.
4. Support and assist Information Security HOD, to ensure processes are defined, implemented and maintained, with appropriate control points, necessary in the Business to ensure a compliant posture.
5. Deliver Compliance and IT security Awareness activities, Educations and Trainings. Support Compliance related projects.
6. Develop, implement and monitor ongoing reporting mechanisms for IT security practices to support compliance and highlight areas of exposure.
7. Support the IT Security Risk Management Process and help select controls and risk mitigation measures for the same.
8. Provide Audit support for internal and external reviews e.g., pre-audit preparation activities, support data collection, respond to data/meeting requests etc.

Requirements to succeed

1. Possess at least 3-5 years of working experience related to information security practices particularly in Governance, Risk and Compliance.
2. Strong experience in documentation of technology controls reviews, risk assessments, policy and compliance review.
3. Possess good understanding or certification in ISO/IEC 27001:2013.
4. Analytical skills with the ability to provide practical solutions for effective risk management.
5. Good understanding and knowledge of ITSM framework and processes.
6. Knowledge or experience in ITSM tool development and configuration is an added advantage.

Rewards gained

The opportunity to join a fast-expanding Group which is a global leader in its field of industry and offers excellent career progression opportunities. The Group strongly encourages employees to develop their strengths and recognize their achievements accordingly.

To Apply

If you’re interested in this role, click ‘apply now’ to submit your resume (in MS Word format) to Due to overwhelming responses, we will only be able to contact shortlisted candidates.

Job Ref: 20220817/111

Consultant: Yi Mei Lee

Registration No: 201901037350 (1346680-W)

EA Licence No: JTKSM 949A

#J-18808-Ljbffr

Company overview

A pioneer & industry leader in cloud-based transformative technologies for business supply chains through collaborative platforms. As a result of rapid expansion, they are looking to bring on board an excellent IT Security Executive to support their team.

The new role

Participate and develop IT Security policies, guidelines, checklists and standards in software services regulatory compliance assessments and relevant control discussions.

Monitor ongoing compliance with IT Security policies, procedures and guidelines. Good knowledge on Cybersecurity framework.

Providing and maintaining the necessary documentation to demonstrate compliance with the ISO 27001 but not limited to policies, procedures, templates, forms and ensuring that they are kept up to date.

Support and assist Information Security HOD, to ensure processes are defined, implemented and maintained, with appropriate control points, necessary in the Business to ensure a compliant posture.

Deliver Compliance and IT security Awareness activities, Educations and Trainings. Support Compliance related projects.

Develop, implement and monitor ongoing reporting mechanisms for IT security practices to support compliance and highlight areas of exposure.

Support the IT Security Risk Management Process and help select controls and risk mitigation measures for the same.

Provide Audit support for internal and external reviews e.g., pre-audit preparation activities, support data collection, respond to data/meeting requests etc.

Requirements to succeed

Possess at least 3-5 years of working experience related to information security practices particularly in Governance, Risk and Compliance.

Strong experience in documentation of technology controls reviews, risk assessments, policy and compliance review.

Possess good understanding or certification in ISO/IEC 27001:2013.

Analytical skills with the ability to provide practical solutions for effective risk management.

Good understanding and knowledge of ITSM framework and processes.

Knowledge or experience in ITSM tool development and configuration is an added advantage.

Rewards gained

The opportunity to join a fast-expanding Group which is a global leader in its field of industry and offers excellent career progression opportunities. The Group strongly encourages employees to develop their strengths and recognize their achievements accordingly.

To Apply

If you’re interested in this role, click ‘apply now’ to submit your resume (in MS Word format) to Due to overwhelming responses, we will only be able to contact shortlisted candidates.

Job Ref: 20220817/111

Consultant: Yi Mei Lee

Registration No: 201901037350 (1346680-W)

EA Licence No: JTKSM 949A

#J-18808-Ljbffr

Senior/Junior Information Security Consultant (Governance, Risk and Compliance) Location: Malaysia

Job Summary and Mission

This position contributes to the success of wizlynx group by performing the following:

• Responsible for development and operational activities across the entire scope of our clients' Security Governance, Risk and Compliance programs.
• The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in our clients' computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients' IT management.
• Serve as the primary contact point for issue escalation.
• Manage service support requirements and ensure that quality plan, KPIs/SLAs are met.
• Draft support SOP and documentation.
• Models and acts in accordance with wizlynx group guiding principles.

With this position, you will also have the opportunity to get introduced to different areas of information and cyber security such as Offensive Security & Penetration Testing.

Summary of Key Responsibilities

• Leads IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements.
• Works with our clients' IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry.
• Develops Vendor Risk Management policies and supports client’s risk profile assessment for vendor onboarding process and conducts annual review of critical vendors.
• Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews.
• Effectively reports and communicates testing results to client’s IT management for corrective action, where required.
• Conducts information security awareness training.
• Performs evidence collection and project management assistance of our clients' annual compliance (e.g. CREST, PCI DSS) certification program.
• Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place.
• Assist our clients with drafting and maintaining information security policies.
• Provides mentoring for other team members.
• Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services.
• Facilitates the performance and testing of our client’s annual disaster recovery tests and business continuity plans.

Summary of Ideal Experience, Skills, Knowledge, and Abilities

Ideal Experience

a) Senior GRC role:

A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred.

b) Junior GRC role:
One to two years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred.

• Strong understanding of and ability to provide security configuration and testing of networking and operating systems including TCP/IP, WAN/LAN routing, VLAN architecture, and a wide array of large-scale environments including various major web application servers.
• Strong understanding of information security principles such as ISO 27001, BNM GPIS, MAS TRM PCI-DSS, PDPA, and other regulatory compliance.

Language Skills

• Fluent technical English (speech and writing).
• Ability to communicate clearly and concisely, both orally and in writing, in local language.

Soft Skills

• Excellent team leadership, team-oriented and team player who takes ownership.
• Flexible attitude, reliable, action-oriented.
• Customer-friendly approach and appearance.
• Willingness to travel.
• Innovative to push new ideas, dynamic and forward-looking with clear management principles towards the team.
• Able to work independently, critical thinking and be able to communicate effectively with the support team and customers.
• Enjoys working in a global team with different cultures.

Technical Skills and Abilities

• Microsoft OS and Office knowledge.
• Technical document writing.
• Experience in Project Management in IT.
• Knowledge in perimeter firewall infrastructure and VPN remote access.

Summary of Education

• Bachelor's degree from an accredited college/university in an appropriate field.

Certifications / Training

• CISM, CISA, CRISC, CISSP certified.

KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS

• Achieve agreed targets/SLA/KPI in terms of quality, time and cost.
• Lead team members to achieve team/organizational goals.
• Improve and retain high customer satisfaction.

POTENTIAL CAREER DEVELOPMENT

• Advance to higher business development tiers or geographic reach.

APPLY NOW

Your Full Name

Your Email

Upload Resume

Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.

#J-18808-Ljbffr

Senior/Junior Information Security Consultant (Governance, Risk and Compliance)

Location: Malaysia

Job Summary and Mission This position contributes to the success of wizlynx group by performing the following: Responsible for development and operational activities across the entire scope of our clients' Security Governance, Risk and Compliance programs. The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in our clients' computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients' IT management. Serve as the primary contact point for issue escalation. Manage service support requirements and ensure that quality plan, KPIs/SLAs are met. Draft support SOP and documentation. Models and acts in accordance with wizlynx group guiding principles. With this position, you will also have the opportunity to get introduced to different areas of information and cyber security such as Offensive Security & Penetration Testing. Summary of Key Responsibilities Leads IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements. Works with our clients' IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry. Develops Vendor Risk Management policies and supports client’s risk profile assessment for vendor onboarding process and conducts annual review of critical vendors. Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews. Effectively reports and communicates testing results to client’s IT management for corrective action, where required. Conducts information security awareness training. Performs evidence collection and project management assistance of our clients' annual compliance (e.g. CREST, PCI DSS) certification program. Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place. Assist our clients with drafting and maintaining information security policies. Provides mentoring for other team members. Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services. Facilitates the performance and testing of our client’s annual disaster recovery tests and business continuity plans. Summary of Ideal Experience, Skills, Knowledge, and Abilities Ideal Experience a) Senior GRC role: A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred. b) Junior GRC role: One to two years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred. Strong understanding of and ability to provide security configuration and testing of networking and operating systems including TCP/IP, WAN/LAN routing, VLAN architecture, and a wide array of large-scale environments including various major web application servers. Strong understanding of information security principles such as ISO 27001, BNM GPIS, MAS TRM PCI-DSS, PDPA, and other regulatory compliance. Language Skills Fluent technical English (speech and writing). Ability to communicate clearly and concisely, both orally and in writing, in local language. Soft Skills Excellent team leadership, team-oriented and team player who takes ownership. Flexible attitude, reliable, action-oriented. Customer-friendly approach and appearance. Willingness to travel. Innovative to push new ideas, dynamic and forward-looking with clear management principles towards the team. Able to work independently, critical thinking and be able to communicate effectively with the support team and customers. Enjoys working in a global team with different cultures. Technical Skills and Abilities Microsoft OS and Office knowledge. Technical document writing. Experience in Project Management in IT. Knowledge in perimeter firewall infrastructure and VPN remote access. Summary of Education Bachelor's degree from an accredited college/university in an appropriate field. Certifications / Training CISM, CISA, CRISC, CISSP certified. KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS Achieve agreed targets/SLA/KPI in terms of quality, time and cost. Lead team members to achieve team/organizational goals. Improve and retain high customer satisfaction. POTENTIAL CAREER DEVELOPMENT Advance to higher business development tiers or geographic reach. APPLY NOW

Your Full Name Your Email Upload Resume Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes.

#J-18808-Ljbffr

• The Contractor - Third Party Risk Assessment Analyst will be responsible for evaluating the security and compliance posture of third-party vendors and partners. This role involves identifying potential risks, assessing mitigation measures, and ensuring that third-party relationships align with FWD's security policies and regulatory requirements.

Responsibilities

• Conduct comprehensive risk assessments of third-party vendors and partners.
• Evaluate vendors' security policies, procedures, and controls to ensure they meet FWD's standards.
• Identify potential risks associated with third-party relationships and recommend appropriate mitigation measures.
• Collaborate with internal stakeholders to gather necessary information and ensure a thorough assessment process.
• Maintain up-to-date records of third-party risk assessments and findings.
• Provide detailed reports and risk ratings for third-party vendors.
• Assist in the development and improvement of third-party risk management policies and procedures.
• Monitor and track remediation efforts by third parties to address identified risks.
• Stay current with industry best practices, regulatory requirements, and emerging threats related to third-party risk management.

Required Skills

• Bachelor’s degree in Information Security, Risk Management, Business Administration, or a related field.
• 3 or more years of experience in third-party risk assessment, vendor management, or a related area.
• Strong understanding of information security principles, risk management frameworks, and regulatory requirements (e.g., GDPR, CCPA, PCI-DSS).
• Experience with risk assessment methodologies and tools.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with internal and external stakeholders.
• Detail-oriented with strong organizational skills.
• Relevant certifications (e.g., CISA, CISM, CISSP, CRISC) are a plus.

Required Qualification

• Experience working in the financial industry.
• Familiarity with third-party risk management software and platforms.
• Ability to manage multiple assessments simultaneously and meet deadlines.

Apply Now

Name *

Email *

Phone * +91

• United States +1
• United Kingdom +44
• Afghanistan (افغانستان) +93
• Albania (Shqipëri) +355
• Algeria (الجزائر) +213
• American Samoa +1
• Andorra +376
• Angola +244
• Anguilla +1
• Antigua and Barbuda +1
• Argentina +54
• Armenia (Հայաստան) +374
• Aruba +297
• Ascension Island +247
• Australia +61
• Austria (Österreich) +43
• Azerbaijan (Azərbaycan) +994
• Bahamas +1
• Bahrain (البحرين) +973
• Bangladesh (বাংলাদেশ) +880
• Barbados +1
• Belarus (Беларусь) +375
• Belgium (België) +32
• Belize +501
• Benin (Bénin) +229
• Bermuda +1
• Bhutan (འབྲུག) +975
• Bolivia +591
• Bosnia and Herzegovina (Босна и Херцеговина) +387
• Botswana +267
• Brazil (Brasil) +55
• British Indian Ocean Territory +246
• British Virgin Islands +1
• Brunei +673
• Bulgaria (България) +359
• Burkina Faso +226
• Burundi (Uburundi) +257
• Cambodia (កម្ពុជា) +855
• Cameroon (Cameroun) +237
• Canada +1
• Cape Verde (Kabu Verdi) +238
• Caribbean Netherlands +599
• Cayman Islands +1
• Central African Republic (République centrafricaine) +236
• Chad (Tchad) +235
• Chile +56
• China (中国) +86
• Christmas Island +61
• Cocos (Keeling) Islands +61
• Colombia +57
• Comoros (جزر القمر) +269
• Congo (DRC) (Jamhuri ya Kidemokrasia ya Kongo) +243
• Congo (Republic) (Congo-Brazzaville) +242
• Cook Islands +682
• Costa Rica +506
• Côte d’Ivoire +225
• Croatia (Hrvatska) +385
• Cuba +53
• Curaçao +599
• Cyprus (Κύπρος) +357
• Czech Republic (Česká republika) +420
• Denmark (Danmark) +45
• Djibouti +253
• Dominica +1
• Dominican Republic (República Dominicana) +1
• Ecuador +593
• Egypt (مصر) +20
• El Salvador +503
• Equatorial Guinea (Guinea Ecuatorial) +240
• Eritrea +291
• Estonia (Eesti) +372
• Eswatini +268
• Ethiopia +251
• Falkland Islands (Islas Malvinas) +500
• Faroe Islands (Føroyar) +298
• Fiji +679
• Finland (Suomi) +358
• France +33
• French Guiana (Guyane française) +594
• French Polynesia (Polynésie française) +689
• Gabon +241
• Gambia +220
• Georgia (საქართველო) +995
• Germany (Deutschland) +49
• Ghana (Gaana) +233
• Gibraltar +350
• Greece (Ελλάδα) +30
• Greenland (Kalaallit Nunaat) +299
• Grenada +1
• Guadeloupe +590
• Guam +1
• Guatemala +502
• Guernsey +44
• Guinea (Guinée) +224
• Guinea-Bissau (Guiné Bissau) +245
• Guyana +592
• Haiti +509
• Honduras +504
• Hong Kong (香港) +852
• Hungary (Magyarország) +36
• Iceland (Ísland) +354
• India (भारत) +91
• Indonesia +62
• Iran (ایران) +98
• Iraq (العراق) +964
• Ireland +353
• Isle of Man +44
• Israel (ישראל) +972
• Italy (Italia) +39
• Jamaica +1
• Japan (日本) +81
• Jersey +44
• Jordan (الأردن) +962
• Kazakhstan (Казахстан) +7
• Kenya +254
• Kiribati +686
• Kosovo +383
• Kuwait (الكويت) +965
• Kyrgyzstan (Кыргызстан) +996
• Laos (ລາວ) +856
• Latvia (Latvija) +371
• Lebanon (لبنان) +961
• Lesotho +266
• Liberia +231
• Libya (ليبيا) +218
• Liechtenstein +423
• Lithuania (Lietuva) +370
• Luxembourg +352
• Macau (澳門) +853
• Macedonia (FYROM) (Македонија) +389
• Madagascar (Madagasikara) +261
• Malawi +265
• Malaysia +60
• Maldives +960
• Mali +223
• Malta +356
• Marshall Islands +692
• Martinique +596
• Mauritania (موريتانيا) +222
• Mauritius (Moris) +230
• Mayotte +262
• Mexico (México) +52
• Micronesia +691
• Moldova (Republica Moldova) +373
• Monaco +377
• Mongolia (Монгол) +976
• Montenegro (Crna Gora) +382
• Montserrat +1
• Morocco (المغرب) +212
• Mozambique (Moçambique) +258
• Myanmar (Burma) (မြန်မာ) +95
• Namibia (Namibië) +264
• Nauru +674
• Nepal (नेपाल) +977
• Netherlands (Nederland) +31
• New Caledonia (Nouvelle-Calédonie) +687
• New Zealand +64
• Nicaragua +505
• Niger (Nijar) +227
• Nigeria +234
• Niue +683
• Norfolk Island +672
• North Korea (조선 민주주의 인민 공화국) +850
• Northern Mariana Islands +1
• Norway (Norge) +47
• Oman (عُمان) +968
• Pakistan (پاکستان) +92
• Palau +680
• Palestine (فلسطين) +970
• Panama (Panamá) +507
• Papua New Guinea +675
• Paraguay +595
• Peru (Perú) +51
• Philippines +63
• Poland (Polska) +48
• Portugal +351
• Puerto Rico +1
• Qatar (قطر) +974
• Réunion (La Réunion) +262
• Romania (România) +40
• Russia (Россия) +7
• Rwanda +250
• Saint Barthélemy +590
• Saint Helena +290
• Saint Kitts and Nevis +1
• Saint Lucia +1
• Saint Martin (Saint-Martin (partie française)) +590
• Saint Pierre and Miquelon (Saint-Pierre-et-Miquelon) +508
• Saint Vincent and the Grenadines +1
• Samoa +685
• San Marino +378
• São Tomé and Príncipe (São Tomé e Príncipe) +239
• Saudi Arabia (المملكة العربية السعودية) +966
• Senegal (Sénégal) +221
• Serbia (Србија) +381
• Seychelles +248
• Sierra Leone +232
• Singapore +65
• Sint Maarten +1
• Slovakia (Slovensko) +421
• Slovenia (Slovenija) +386
• Solomon Islands +677
• Somalia (Soomaaliya) +252
• South Africa +27
• South Korea (대한민국) +82
• South Sudan (جنوب السودان) +211
• Spain (España) +34
• Sri Lanka (ශ්රී ලංකාව) +94
• Sudan (السودان) +249
• Suriname +597
• Svalbard and Jan Mayen +47
• Sweden (Sverige) +46
• Switzerland (Schweiz) +41
• Syria (سوريا) +963
• Taiwan (台灣) +886
• Tajikistan +992
• Tanzania +255
• Thailand (ไทย) +66
• Timor-Leste +670
• Togo +228
• Tokelau +690
• Tonga +676
• Trinidad and Tobago +1
• Tunisia (تونس) +216
• Turkey (Türkiye) +90
• Turkmenistan +993
• Turks and Caicos Islands +1
• Tuvalu +688
• U.S. Virgin Islands +1
• Uganda +256
• Ukraine (Україна) +380
• United Arab Emirates (الإمارات العربية المتحدة) +971
• United Kingdom +44
• United States +1
• Uruguay +598
• Uzbekistan (Oʻzbekiston) +998
• Vanuatu +678
• Vatican City (Città del Vaticano) +39
• Venezuela +58
• Vietnam (Việt Nam) +84
• Wallis and Futuna (Wallis-et-Futuna) +681
• Western Sahara (الصحراء الغربية) +212
• Yemen (اليمن) +967
• Zambia +260
• Zimbabwe +263
• Åland Islands +358

#J-18808-Ljbffr