759 Security Governance jobs in Malaysia

1. Create, review, and update the Group IT Security Policies, Standards, Procedures, Guidelines, checklists, and assessment requirements related to Cloud Security.
   • Will be used by Regional & Overseas Units.
   • Ensure compliance with all local regulators’ requirements and industry best practices.
   • Align cloud security policies and assessment questions with industry standards (e.g., ISO 27001, NIST, CSA STAR, SOC 2) and regulatory requirements (e.g., BNM RMiT, MAS, OJK, HKMA).
   • Regularly review and update cloud security policies to address emerging threats and regulatory changes.

1. Perform comprehensive cloud security assessments for new and existing cloud projects, including private and public cloud solutions.
   • Review evidence from solution providers and third parties such as SOC 2 reports, CSA STAR certifications, attestation reports, and penetration testing results.
   • Validate cloud architecture and configurations to ensure compliance with security policies and standards.

1. Develop Regional IT Security Governance processes aligned with the Bank’s strategy.
2. Liaise with and manage business projects, infrastructure upgrades, penetration testing, and code reviews.
3. Provide proactive IT security consultancy and advisory services on policies, standards, and best practices across the Group.

• Education and Experience:
• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• At least 2 years of experience in cloud security, governance, or a similar role; total of at least 3 years in IT security or infrastructure.
• Proven experience in conducting cloud security assessments and technical validations.
• Technical Skills:
• Strong understanding of cloud platforms (AWS, Azure, Google Cloud) and their security features.
• Knowledge of cloud security frameworks and standards (ISO 27001, NIST, CSA STAR, SOC 2).
• Experience with security tools and technologies used in cloud environments (e.g., SIEM, IAM, encryption).

Job Description - Cloud Technical Security Governance

1. Create, review and update the Group IT Security Policies, Standards, Procedures, Guidelines, checklist and assessment requirements related to Cloud Security
   • Will be used by Regional & Overseas Units
   • Comply to all local regulators’ requirements and industry best practise are captured and adhere to.
   • Ensure that cloud security policies and assessment questions are aligned with industry best practices (e.g. ISO 27001, NIST, CSA STAR, SOC 2) and regulatory requirements (e.g.BNM RMiT, MAS, OJK, HKMA)
   • Regularly review and update cloud security policies to address emerging threats and changes in the regulatory landscape.

1. Perform comprehensive cloud security assessments for new and existing cloud projects, encompassing both private and public cloud solutions.
   • Review evidence provided by solution provider and third parties such as SOC 2 reports, CSA STAR certifications, attestation reports, and penetration testing results.
   • Conduct technical validation of cloud architecture and configurations to ensure compliance with security policies and standards.

1. Develop Regional IT Security Governance processes to align with the Bank’s strategy and aspirations
2. Liaise and manage business projects and infrastructure upgrades penetration testing and code reviews
3. Enforcement and proactively provides IT security consultancy/ advisory services on policies, standards and best practices across the Group

Qualifications

• Education and Experience :
• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Minimum of 2 years of experience in cloud security, cloud governance, or a similar role. A total of at least 3 years of experience in IT security, or infrastructure is required.
• Proven experience in conducting cloud security assessments and technical validations.
• Technical Skills :
• Strong understanding of cloud platforms (AWS, Azure, Google Cloud) and their security features.
• Knowledge of cloud security frameworks and standards (ISO 27001, NIST, CSA STAR, SOC 2).
• Experience with security tools and technologies used in cloud environments (e.g., SIEM, IAM, encryption).

About the role

Join our dynamic team at the Companies Commission of Malaysia/Suruhanjaya Syraikat Malaysia (SSM) as an Executive in ICT Security Governance In this contract role, you will be instrumental in advancing our ICT security framework. This exciting opportunity is based at our state-of-the-art headquarters, Menara SSM @ Sentral, in the heart of Kuala Lumpur Sentral.

What you'll be doing

• Assist in reviewing IT Security Policy to ensure documentation is up-to-date according to the latest changes in the environment and government direction.
• Assist in handling, monitoring, and upholding ISMS certification standards.
• Provide advisory on IT security needs to meet user requirements and maintain security standards.
• Draft security awareness materials with up-to-date information to raise user acknowledgment and maintain a secure environment.
• Prepare materials for SSM IT Security Policy trainings to increase compliance in ICT security governance.
• Draft or review business continuity policy to enable business continuity during an unplanned disruption in service.
• Comply with all SSM policies and SOPs.

What we're looking for

• Educational Background: A Bachelor Degree in Computer Science / Information Technology or equivalent recognised certification.
• Experience: Preferably relevant working experience in IT Security Governance.

Knowledge/Skills/Abilities:

• Expertise in network troubleshooting, server environments, application, and system security.
• Proficient in security management and standards.
• Skilled in data security, including logical and physical access controls.

What we offer

At Suruhanjaya Syarikat Malaysia/Companies Commission of Malaysia, we are committed to providing a rewarding and supportive work environment. You will have the opportunity to work on cutting-edge technologies, contribute to impactful projects, and grow your career. We offer competitive remuneration, flexible work arrangements, and a range of benefits to support your well-being.

If you're ready to elevate your career in ICT security governance, apply now and become a part of our dynamic team

JOB SUMMARY

• This position will be reporting to the Head of Security Governance & Risk Management Section and will function under the Advisory & Governance Unit.
• Support and strengthen cybersecurity governance through comprehensive risk assessments, in-depth advisory services, and proactive engagement with key stakeholders to ensure compliance with internal policies and regulatory standards.

• Provide IT security advisory for business initiatives, systems implementations, and operational processes to ensure alignment with security policies and risk appetite.
• Review and assess IT change requests, vendor solutions, technology initiatives and third-party controls for security risks and recommend mitigation strategies.
• Support the execution, and analyse cybersecurity simulation exercises (e.g., phishing, smishing) to test and enhance organizational readiness.
• Monitor the implementation of risk mitigation plans and follow up with relevant departments to ensure timely closure of issues.
• Participate in governance forums on matters relating to IT risk and security governance.
• Prepare reports, presentations, and dashboards on cybersecurity risk posture, incidents, and remediation progress for internal stakeholders and management.
• Contribute to the development and refinement of IT security governance frameworks, policies, and procedures.
• Ensure security assessment exercise is conducted and remediated in a timely manner.

• Malaysian citizen.
• Pass Malay Language including oral test at Sijil Pelajaran Malaysia (SPM) level.
• Possess a Bachelor's Degree in Computer Science/ Information Technology, Cybersecurity or equivalent qualification from accredited higher learning institutions.
• Minimum 4 – 7 years of experience in IT security, risk management, or cybersecurity advisory roles.
• Strong understanding of information security principles, risk assessment methodologies, and regulatory frameworks (e.g., ISO 27001, NIST, CIS).
• Excellent analytical thinking, communication, and stakeholder engagement skills.
• Experience coordinating with cross-functional teams on security governance and compliance efforts.
• Professional certifications such as CISM, CISSP, CRISC, or equivalent are highly desirable.

Permanent

All applications are strictly CONFIDENTIAL and only shortlisted candidates will be called in for interview. Applications are deemed UNSUCCESSFUL if there is no feedback from the EPF 2 MONTHS after the closing date of advertisement.

JOB SUMMARY

• This position will be reporting to the Head of Security Governance & Risk Management Section and will function under the Advisory & Governance Unit.
• Support and strengthen cybersecurity governance through comprehensive risk assessments, in-depth advisory services, and proactive engagement with key stakeholders to ensure compliance with internal policies and regulatory standards.

JOB RESPONSIBILITIES

• Provide IT security advisory for business initiatives, systems implementations, and operational processes to ensure alignment with security policies and risk appetite.
• Review and assess IT change requests, vendor solutions, technology initiatives and third-party controls for security risks and recommend mitigation strategies.
• Support the execution, and analyse cybersecurity simulation exercises (e.g., phishing, smishing) to test and enhance organizational readiness.
• Monitor the implementation of risk mitigation plans and follow up with relevant departments to ensure timely closure of issues.
• Participate in governance forums on matters relating to IT risk and security governance.
• Prepare reports, presentations, and dashboards on cybersecurity risk posture, incidents, and remediation progress for internal stakeholders and management.
• Contribute to the development and refinement of IT security governance frameworks, policies, and procedures.
• Ensure security assessment exercise is conducted and remediated in a timely manner.

JOB REQUIREMENTS

• Malaysian citizen.
• Pass Malay Language including oral test at Sijil Pelajaran Malaysia (SPM) level.
• Possess a Bachelor's Degree in Computer Science/ Information Technology, Cybersecurity or equivalent qualification from accredited higher learning institutions.
• Minimum 4 – 7 years of experience in IT security, risk management, or cybersecurity advisory roles.
• Strong understanding of information security principles, risk assessment methodologies, and regulatory frameworks (e.g., ISO 27001, NIST, CIS).
• Excellent analytical thinking, communication, and stakeholder engagement skills.
• Experience coordinating with cross-functional teams on security governance and compliance efforts.
• Professional certifications such as CISM, CISSP, CRISC, or equivalent are highly desirable.

JOB STATUS

Permanent

All applications are strictly
CONFIDENTIAL
and only shortlisted candidates will be called in for interview. Applications are deemed
UNSUCCESSFUL
if there is no feedback from the EPF
2 MONTHS
after the closing date of advertisement.