72 Security Awareness Training jobs in Kuala Lumpur

Join our global team for a career filled with opportunities to solve challenges both small and large, local and global, simple and complex.

About Us Wilhelmsen Ship Management is one of the world’s largest third-party ship managers originated from Oslo, Norway with a portfolio of more than 450 vessels, a pool of more than 14,000 seafarers and over 900 shore-based employees all over the world. Our employees are working with a comprehensive global maritime group providing over half of the merchant fleet with essential products and services, along with supplying crew and technical management to the largest and most complex vessels ever to sail.

We offer a culture and vibrant work environment of strong leadership, collaborative, career development, work-life balance and a job that is both challenging and stimulating. All team members are empowered with the freedom to influence each other as long it complies with our Company’s values and vision.

• Support the implementation and continuous improvement of the ISO 27001 Information Security Management System (ISMS).

• Assist in identifying and managing information security risks, controls, and related documentation.

• Help maintain records such as the statement of applicability (SoA), risk treatment plans, and security policies.

• Perform regular technical security reviews including vulnerability scans, patch status checks, and log analysis.

• Assist in ensuring compliance with internal controls and regulatory standards through documentation and audits.

• Support the configuration and maintenance of security systems such as firewalls, endpoint protection, and monitoring tools.

• Participate in incident handling and investigations under the guidance of the Senior Cyber Security Specialist.

• Assist with asset inventory updates, system classification, and control mapping.

• Monitor and report on KPIs and KRIs relevant to the ISMS and risk management.

• Collaborate in the delivery of user awareness training on information security and cyber security.

• Contribute to change and incident management processes from a security compliance perspective.

• Assist to track and monitor status of risk assessment.

• Support internal and external audits by providing relevant documentation and evidence.

• Bachelor's degree or higher in Cyber Security, Information Security, Computer Science, InformationSystems/Technology, or related field.

• Minimum 3 years of working experience in Cyber Security / Risk Management / Internal Audit or equivalent work experience.

• Foundational understanding of networking, operating systems, and common cyber threats.

• Familiarity with security monitoring tools, log analysis, and basic incident response processes.

• Good analytical, organizational, and communication skills.

• Knowledge of regulatory requirements and industry standards.

• Preferably with certification in the areas of Cyber Security/Information Security.

• Familiarity with industry cybersecurity frameworks and standards, such as ISO 27001, NIS2 and CISControls, is necessary.

Note: Only shortlisted candidates will be contacted

Become a valued member of our team, where every day presents new opportunities for learning and development. Sound interesting? Click "APPLY" now to embark on a rewarding career journey!

#WSM

List of Responsibilities:

• Ongoing leadership and review of IT security

• Implementing and designing cyber security policies, procedures and system solutions in line with industry standards and certifications

• Operate, conduct, and maintain DUG’s SIEM platform and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures

• Serve as the DUG point person for third-party security audit(s)

• Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams

• Work with DUG HPC Cloud customers and DUG teams on security integration

• Provide strategic-level guidance for DUG’s cyber security program and ensure compliance with cyber security policy, standards, regulations and legislation, working with the senior executives within DUG.

• Ensure the alignment of cyber security and business objectives within DUG. To achieve this, you will facilitate communication between cyber security and business stakeholders. This includes translating cyber security concepts and language into business concepts and language as well as ensuring that business teams consult with cyber security teams to determine appropriate security measures when planning new business projects. Additionally, you will be responsible for the development of the strategic-level cyber security program, being best placed to advise projects on the strategic direction of cyber security.

• Contribute to the development and maintenance of DUG’s business continuity and disaster recovery plans, with the aim to improve business resilience and ensure the continued operation of critical business processes

• Report on the DUG’s security risk profile, the status of key systems and any outstanding security risks, any planned cyber security uplift activities, any recent cyber security incidents, and expected returns on cyber security investments

• Oversee DUG’s response to cyber security incidents, including how internal teams respond and communicate with each other during an incident

• Ensure that a consistent vendor management process is applied across their organisation, from discovery through to ongoing management

• Ongoing leadership and review of IT security
• Implementing and designing cyber security policies, procedures, and system solutions in line with industry standards and certifications
• Operate, conduct, and maintain DUG’s SIEM platform and conduct regular security audits of systems, policies, procedures, network configuration, operating systems, authentication systems, permission structures
• Serve as the DUG point person for third-party security audits
• Provide pre-sales security briefings / Q&A to DUG HPC Cloud customer security teams
• Work with DUG HPC Cloud customers and DUG teams on security integration
• Provide strategic-level guidance for DUG’s cyber security program and ensure compliance with cyber security policies, standards, regulations, and legislation, working with senior executives within DUG
• Ensure the alignment of cyber security and business objectives within DUG, facilitating communication between cyber security and business stakeholders, translating cyber security concepts into business language, and advising on security measures for new projects
• Contribute to the development and maintenance of DUG’s business continuity and disaster recovery plans to enhance resilience and ensure operational continuity
• Report on the security risk profile, status of key systems, outstanding risks, security uplift activities, recent incidents, and cybersecurity investment returns
• Oversee DUG’s response to cybersecurity incidents, including internal communication and response strategies
• Apply a consistent vendor management process across the organization, from discovery to ongoing management

Job Description

Part A: Risk Management

i. Develop and maintain the Technology Risk Management Framework TRMF and Cyber Resilience Framework CRF via the following:

• Assist to develop risk mitigation strategies and formulate enhancements to the TRMF and CRF to maintain a framework that remains relevant in identifying and mitigating significant risks in the achievement of business objectives.
• Assess and regularly analyze IT risks, by evaluating the impact and likelihood of the identified IT risks and prioritise them via maintenance of IT risk registers.
• Develop and enforce disaster recovery and business continuity plans to address potential cybersecurity incidents.

ii. Perform analysis and risk assessment of proposed new products/ new IT vendors to ensure new initiatives/ vendor appointments commence in a manner that minimizes risk to the organization.

iii. Conduct assessment on the Company's compliance with relevant regulatory requirements and policies.

iv. Collaborate with cross-functional teams to integrate security measures into all aspects of the organization's infrastructure, and ensure compliance with industry regulations and internal policies.

v. Enforce risk evaluations of third-party IT outsourcing service providers (OSPs) and ensure appropriate due diligence is performed to identify, mitigate, and maintain ongoing awareness of risks to the Company resulting from IT OSPs.

vi. Provide guidance on the secure design, development, and deployment of new systems and applications.

Part B: Security Awareness

i. Enforce cyber hygiene training and ensure that the trainings are adequately conducted at relevant levels/ departmental functions.

ii. Analyze and assess relevance and impact of cyber threat alerts received, and prepare reports and recommend remedial/ mitigation measures where relevant.

iii. Stay up to date with the latest trends, technologies, and threats in the cybersecurity field.

iv. Recommend and implement security improvements, leveraging emerging technologies to strengthen the organization's security posture.

Part C: Incident Response and Crisis Management

i. Lead incident response efforts in case of a security breach or cyberattack, ensuring effective resolution and communication.

ii. Coordinate with cross-functional teams and third party service providers to provide timely and effective cyber incident responses.

iii. Post-incident, lead efforts to identify root causes, implement corrective actions, and prevent future occurrences.

Requirement

• Experience in performing IT audits and risk assessment assignments.
• Strong understanding of relevant cybersecurity regulations and standards (e.g., BNM Risk Management in Technology, PCI DSS, NIST Cybersecurity Framework).
• Clear understanding of IT operations with an information security perspective and its interaction with risk appetites to ensure compliance with industry, regulator, and card scheme requirements.
• Able to evaluate IT internal controls and identify opportunities for controls improvement.
• Strong analytical and problem-solving skills.
• Able to multi-task and possess effective time management skills.
• Able to produce high quality work deliverables on timely basis.
• Excellent written English and interpersonal skills, a team player and communicator, and a self starter.

Job Types: Full-time, Permanent

Pay: RM7, RM9,000.00 per month

Benefits:

• Maternity leave
• Opportunities for promotion
• Professional development

Education:

• Bachelor's (Preferred)

Experience:

• IT audit, IT security and/or cybersecurity: 5 years (Required)

License/Certification:

• Professional Cert (CISSP, CISM, CISA, CEH, CompTIA Security) (Required)

Location:

• Kuala Lumpur (Required)

Work Location: In person

As Information Security Engineer of Boost Digital Bank, your primary responsibility will be protecting Boost Bank environment and data from potential security threats. You will collaborate closely with cross-functional teams to design and implement security controls.

• Create and maintain the security controls of the infrastructure that follows industry best practices.
• Work with engineering team to ensure that applications and projects are secure on delivery.
• Monitor network and system activity for suspicious behavior or unauthorised access.
• Liaise with security operations on security incidents investigations.
• Conduct vulnerability testing and security testing.
• Identify and assess risk and vulnerabilities of applications and infrastructure.
• Support information security awareness initiatives
• Able to prepare IT Security related reporting
• Maintain awareness of latest security threats and respond to security incidents.

Job Requirements & Criteria:

• At least 3 years of working experience on cyber security.
• Good understanding in public cloud platforms such as AWS or Azure.
• Good understanding of cybersecurity principles, networking concepts and operating systems.
• Experienced in using security tools and technologies for monitoring, detection, and prevention.
• Familiarity with cyber security framework and standards.
• Ability to work collaboratively in cross-functional teams.
• Excellent problem-solving and critical-thinking abilities.
• Strong communication and interpersonal skills.

Part A: Risk Management

i. Develop and maintain the Technology Risk Management Framework TRMF and Cyber Resilience Framework CRF via the following:

· Assist to develop risk mitigation strategies and formulate enhancements to the TRMF and CRF to maintain a framework that remains relevant in identifying and mitigating significant risks in the achievement of business objectives.

· Assess and regularly analyze IT risks, by evaluating the impact and likelihood of the identified IT risks and prioritise them via maintenance of IT risk registers.

· Develop and enforce disaster recovery and business continuity plans to address potential cybersecurity incidents.

ii. Perform analysis and risk assessment of proposed new products/ new IT vendors to ensure new initiatives/ vendor appointments commence in a manner that minimizes risk to the organization.

iii. Conduct assessment on the Company's compliance with relevant regulatory requirements and policies.

iv. Collaborate with cross-functional teams to integrate security measures into all aspects of the organization's infrastructure, and ensure compliance with industry regulations and internal policies.

v. Enforce risk evaluations of third-party IT outsourcing service providers (OSPs) and ensure appropriate due diligence is performed to identify, mitigate, and maintain ongoing awareness of risks to the Company resulting from IT OSPs.

vi. Provide guidance on the secure design, development, and deployment of new systems and applications.

Part B: Security Awareness

i. Enforce cyber hygiene training and ensure that the trainings are adequately conducted at relevant levels/ departmental functions.

ii. Analyze and assess relevance and impact of cyber threat alerts received, and prepare reports and recommend remedial/ mitigation measures where relevant.

iii. Stay up to date with the latest trends, technologies, and threats in the cybersecurity field.

iv. Recommend and implement security improvements, leveraging emerging technologies to strengthen the organization's security posture.

Part C: Incident Response and Crisis Management

i. Lead incident response efforts in case of a security breach or cyberattack, ensuring effective resolution and communication.

ii. Coordinate with cross-functional teams and third party service providers to provide timely and effective cyber incident responses.

iii. Post-incident, lead efforts to identify root causes, implement corrective actions, and prevent future occurrences.

REQUIREMENTS:

· Experience in performing IT audits and risk assessment assignments for at least 5 years.

· Experience developing, implementing, and reviewing security policies, risk assessments, and frameworks (ISO 27001, NIST, etc.)

· Hands-on work in incident response, vulnerability management, or Security Operations Centre SOC environments (a plus if they've led Incident Response IR playbooks).

· Experience dealing with audits and regulators (especially BNM, if local), understanding of RMiT, PCIDSS, or GDPR.

· Worked on or led ISO 27001 certification/maintenance.

· Familiarity with SIEM, endpoint protection, DLP, IDS/IPS, etc.

· Reviewed contracts and SLAs, managed vendor risk assessments.

· Participated in secure software development or secure system implementation projects.

· Excellent written English and interpersonal skills, a team player and communicator, and a self-starter.

· Bachelor's Degree (or equivalent) and above.

*Profession certification (such as CISSP, CISM, CISA, CEH or CompTIA Security+ or equivalent).

Position: Information Security Engineering Lead

Mode: Renewable contract

Key Responsibilities

• Acts as a team leader providing guidance to Security Engineering team and sets goals and assists the team in accomplishing those goals.

• Manage security architecture and provide consultancy to strengthen security design

• Coordinate with the team to manage security tools (IPS, SIEM, VA scan, DLP, AV, ATP)

• Coordinate with project manager to deliver security projects/initiatives and provide technical consultancy

• Coordinate with the vendor to perform maintenance and enhancement activities on security tools.

• Coordinate vulnerability/security posture assessment and track remediation for closure

• Coordinate with vendor to perform Penetration test and track the finding for closure

• Collate and provide evidence/submission requested by various party (risk management/auditor/regulator) to confirm the security policies, processes, guidelines, controls are followed/implemented accordingly

Requirements:

• A Bachelor's Degree in Computer Science, Engineering, Information Systems or its equivalent.

• Minimum 8-15 years of related working experience. Knowledge of IT security is essential. Industry certifications will be a plus e.g. CRISC, CISSP, CEH, CISM and CISA.

• Highly result oriented and can work independently. Must be a self-reliant team player who is comfortable with managing multiple tasks and responsibilities.

• Ability to build relationship and interact effectively with internal and external parties. Strong engagement skills with stakeholder i.e. business and technology, will be a plus.

• Good analytical, technical, written and verbal communication skills.

• Ability to exercise discretion and independent judgment in applying established techniques, procedures or standards

Technical expertise in one or more of the following

o Network Concepts and Security, Encryption/Authentication fundamentals, Access Management, Application Security, Platform (Windows. UNIX/Linux) Security, Database Security

o Hands-on experience in various security tools (e.g. SIEM, IPS, Firewall, Vulnerability scanner tools, APT , XDR , NDR and forensic tools)

Familiar with security standards and best practice; regulatory requirement such as BNM RMIT, MAS, Paynet, PCI-DSS; Architecture and security of operating system.

Entity:
Technology

Job Family Group:
IT&S Group

Job Description:
To enable the world to reach net zero, bp are looking for the brightest digital specialists to drive innovation as it transitions from an International Oil Company (IOC) to an International Energy Company (IEC).

Are you passionate about protecting what matters most? We're seeking someone who is passionate about identifying and implementing security solutions that make bp a cyber resilient organisation Our Business Information Security team partners with the business to help them understand cyber risk and be accountable for cyber security.

We're looking for curious minds who are driven by opportunities to build value and deliver secure products and services to advance bp's strategy.

Let me tell you about the role

In the digital era, where data breaches and cyber threats are not just possibilities but realities, the role of a Global Information Security Specialist has never been more critical. Working closely with bp's business areas, you will support the protection of IT systems and business data that are important to bp's operations.

You will conduct security assessments, respond to security queries, and provide security expertise. Your expertise will help ensure that business teams can operate with confidence, knowing their systems and processes are secure.

Ready to make a real impact in energy security? Join us in safeguarding the people, processes and systems that power our transition to net zero

What you will deliver

In this role you will deliver security activities to support bp's business. This role focuses on hands-on security assessment and advisory activities with the following key accountabilities:

• Security Assessments: We need someone that can conduct comprehensive assessments of systems, identifying risks and issues while recommending appropriate remediation measures.
• Technical & Non-Technical Risk Advisory: You'll assess and communicate cybersecurity risks. We want our customers to understand potential impacts and mitigation strategies clearly.
• Cyber Behaviour Promotion: We strive to build a strong cyber security culture. You'll assist with the development and promoting good cyber behaviours in day-to-day operations.
• Incident Management Support: When security incidents happen, we need you to provide specialist security expertise. You'll support incident response activities and improvement recommendations.
• Customer Support: We want you to act as the go-to point of contact for information security. You'll provide timely and accurate expertise on security matters affecting their systems or data.
• Assess and Evaluate: You'll perform regular security assessments of business systems. We use established methodologies to identify potential risks, weaknesses and security gaps.
• Respond and Advise: We require someone who can offer our customers practical and tailored cyber security solutions. These solutions must align with operational requirements.
• Analyze and Report: You'll evaluate risks and prepare clear, actionable recommendations, and communicate these with both business and technical audiences.
• Support and Collaborate: We work closely with business teams to implement security measures. You'll help maintain robust security posture while aligning with operational needs.
• Promote and Educate: We nurture positive cyber security behaviours You'll work through targeted awareness activities, training support, and expert guidance.
• Monitor and Review: We want someone who understands the security landscape affecting bp systems and stay ahead of emerging threats and industry standard methodologies.

What you will need to be successful (experience and qualifications)

• Bachelor's degree or equivalent experience in Information or Cyber Security, Computer Science, Engineering.
• Working towards professional certifications such as Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), or CompTIA Security+.
• Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework.
• Previous track record in information security roles in Finance, HR, Trading, Retail, Supply or Oil and Gas companies.
• Ability to explain security concepts to a variety of audiences.
• Solid grasp of cyber risk assessment methodologies and the ability to translate technical findings into business impact assessments.
• Attention to detail and ability to work independently while balancing multiple activities.
• Ability to adapt security recommendations to different operating environments.
• Ability to use technology, data, and insights to enable decision making.

About Bp
Bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people's lives. We are committed to creating a diverse and inclusive environment where everyone can grow and succeed. Join bp and become part of the team building our future

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement
No travel is expected with this role

Relocation Assistance:
This role is not eligible for relocation

Remote Type:
This position is a hybrid of office/remote working

Skills:
Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp's recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.