143 Security Governance jobs in Kuala Lumpur

Job Description - Cloud Technical Security Governance

1. Create, review and update the Group IT Security Policies, Standards, Procedures, Guidelines, checklist and assessment requirements related to Cloud Security
   • Will be used by Regional & Overseas Units
   • Comply to all local regulators’ requirements and industry best practise are captured and adhere to.
   • Ensure that cloud security policies and assessment questions are aligned with industry best practices (e.g. ISO 27001, NIST, CSA STAR, SOC 2) and regulatory requirements (e.g.BNM RMiT, MAS, OJK, HKMA)
   • Regularly review and update cloud security policies to address emerging threats and changes in the regulatory landscape.

1. Perform comprehensive cloud security assessments for new and existing cloud projects, encompassing both private and public cloud solutions.
   • Review evidence provided by solution provider and third parties such as SOC 2 reports, CSA STAR certifications, attestation reports, and penetration testing results.
   • Conduct technical validation of cloud architecture and configurations to ensure compliance with security policies and standards.

1. Develop Regional IT Security Governance processes to align with the Bank’s strategy and aspirations
2. Liaise and manage business projects and infrastructure upgrades penetration testing and code reviews
3. Enforcement and proactively provides IT security consultancy/ advisory services on policies, standards and best practices across the Group

Qualifications

• Education and Experience :
• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Minimum of 2 years of experience in cloud security, cloud governance, or a similar role. A total of at least 3 years of experience in IT security, or infrastructure is required.
• Proven experience in conducting cloud security assessments and technical validations.
• Technical Skills :
• Strong understanding of cloud platforms (AWS, Azure, Google Cloud) and their security features.
• Knowledge of cloud security frameworks and standards (ISO 27001, NIST, CSA STAR, SOC 2).
• Experience with security tools and technologies used in cloud environments (e.g., SIEM, IAM, encryption).

#J-18808-Ljbffr

Job Description - Cloud Technical Security Governance Create, review and update the Group IT Security Policies, Standards, Procedures, Guidelines, checklist and assessment requirements related to Cloud Security

Will be used by Regional & Overseas Units Comply to all local regulators’ requirements and industry best practise are captured and adhere to. Ensure that cloud security policies and assessment questions are aligned with industry best practices (e.g. ISO 27001, NIST, CSA STAR, SOC 2) and regulatory requirements (e.g.BNM RMiT, MAS, OJK, HKMA) Regularly review and update cloud security policies to address emerging threats and changes in the regulatory landscape.

Perform comprehensive cloud security assessments for new and existing cloud projects, encompassing both private and public cloud solutions.

Review evidence provided by solution provider and third parties such as SOC 2 reports, CSA STAR certifications, attestation reports, and penetration testing results. Conduct technical validation of cloud architecture and configurations to ensure compliance with security policies and standards.

Develop Regional IT Security Governance processes to align with the Bank’s strategy and aspirations Liaise and manage business projects and infrastructure upgrades penetration testing and code reviews Enforcement and proactively provides IT security consultancy/ advisory services on policies, standards and best practices across the Group Qualifications Education and Experience : Bachelor’s degree in Computer Science, Information Technology, or a related field. Minimum of 2 years of experience in cloud security, cloud governance, or a similar role. A total of at least 3 years of experience in IT security, or infrastructure is required. Proven experience in conducting cloud security assessments and technical validations. Technical Skills : Strong understanding of cloud platforms (AWS, Azure, Google Cloud) and their security features. Knowledge of cloud security frameworks and standards (ISO 27001, NIST, CSA STAR, SOC 2). Experience with security tools and technologies used in cloud environments (e.g., SIEM, IAM, encryption).

#J-18808-Ljbffr

Job Responsibilities

Create, review, and update the Group IT Security Policies, Standards, Procedures, Guidelines, checklists, and assessment requirements related to Cloud Security.

Will be used by Regional & Overseas Units. Ensure compliance with all local regulators’ requirements and industry best practices. Align cloud security policies and assessment questions with industry standards (e.g., ISO 27001, NIST, CSA STAR, SOC 2) and regulatory requirements (e.g., BNM RMiT, MAS, OJK, HKMA). Regularly review and update cloud security policies to address emerging threats and regulatory changes.

Perform comprehensive cloud security assessments for new and existing cloud projects, including private and public cloud solutions.

Review evidence from solution providers and third parties such as SOC 2 reports, CSA STAR certifications, attestation reports, and penetration testing results. Validate cloud architecture and configurations to ensure compliance with security policies and standards.

Develop Regional IT Security Governance processes aligned with the Bank’s strategy. Liaise with and manage business projects, infrastructure upgrades, penetration testing, and code reviews. Provide proactive IT security consultancy and advisory services on policies, standards, and best practices across the Group. Qualifications

Education and Experience: Bachelor’s degree in Computer Science, Information Technology, or a related field. At least 2 years of experience in cloud security, governance, or a similar role; total of at least 3 years in IT security or infrastructure. Proven experience in conducting cloud security assessments and technical validations. Technical Skills: Strong understanding of cloud platforms (AWS, Azure, Google Cloud) and their security features. Knowledge of cloud security frameworks and standards (ISO 27001, NIST, CSA STAR, SOC 2). Experience with security tools and technologies used in cloud environments (e.g., SIEM, IAM, encryption).

#J-18808-Ljbffr

JOB PURPOSE :

1. Provide thought leadership and direction for IT Security team to effectively manage team work load, quality deliverables, performance and talent in delivering a systematic, proactive, approach that balances IT risk and business objectives and align with the Bank’s strategy
2. Develop, maintain and champion IT Security Program, including strategy, framework, Group/Regional policies, process, and metrics by identifying and assess the emerging IT risk and security threats
3. Identify, evaluate, protect against and report on IT Security risk in a manner that meets regional compliance and regulatory requirements and align with and support the risk posture of the Bank
4. Driver to provide the appropriate access, protection, confidentiality, integrity and availability of enterprise system and data through effective security controls
5. Key point of contact and subject matter expert for issues and projects related to IT Security
6. Advocate, lead and drive the Enterprises IT Security Awareness programmes via Process clinics, workshops, email communications, security bulletins and e-learning activities Group-wide and across the region to instil a compliance culture from a business and information security perspective
7. Provide security architectural vision, roadmap and standards for Bank
8. Ensure Processes are in place to ensure that our security architecture remains current and aligns with industry best practices.

PART 3: KEY ACCOUNTABILITIES & OUTCOMES
It pertains to what are the main areas in which a job must achieve end-results to achieve the purpose. Maximum of 8 Key Accountabilities only.
Principal Accountabilities	Describe the key activities that you are expected to achieve. Start with the most important	Outcomes/ deliverables targeted	Major Challenges in achieving the outputs
Accountability	Supporting Activities	Outcome/ deliverables	Challenges
Provide thought leadership and direction for IT Security team to effectively manage team work load, quality deliverables, performance and talent in delivering a systematic, proactive, approach that balances IT risk and business objectives and align with the Bank’s strategy	1. Ensure sufficient trained/skilled resources for new initiatives as well as existing workload 2. Supervise, mentor, coach and provide feedback to staff on their performance and deliveries 3. Encourage staff for professional certification , training or external conference/ program to upkeep skills	1. To build internal capabilities 2. To reduce staff turnover	· Build a team of skilled certified Security and Quality professionals with the up-to-date IT knowledge to meet the business demand. · Continuously supervise/motivate/mentor/retain IT Security staff on their performance and deliveries · Shortage of resources
Develop, maintain and champion IT Security Program, including strategy, framework, Group/Regional policies, process, and metrics by identifying and assess the emerging IT risk and security threats	1. Develop strong collaborative relationships within MSS and with business customers to understand long term business strategy and prepare appropriate IT Security recommendation and solution 2. Working closely with regional IT Security Head in defining objectives and policies and standards 3. Monitor IT Security trends and evolving technologies and assess against the current security posture and implication for the Bank 4. Define security strategies, metrics, reporting mechanisms and program services 5. Design and implement mechanism for education and governance, ensuring organizational and technical compliance with policies and requirements 6. Proactively provides IT security consultancy/ advisory services on policies, standards and best practices across the Group 7. Make recommendations for new security controls based on the assessment performed	1. To secure sensitive data and ensure information security and compliance with relevant legislation and regulatory requirements 2. Enforcement of standard suite of policies, processes & solution across Group to address and mitigate security risk	· Managing, communicating and understanding of regional & overseas units IT and regulatory requirements as part of regionalization of bank Shared Services IT Security for the Bank’s regional operations and future aspirations · Alignment and comprehensive-ness of IT Security policies based on regulatory requirements from various countries
Identify, evaluate, protect against and report on IT Security risk in a manner that meets regional compliance and regulatory requirements and align with and support the risk posture of the Bank	1. Work with business and across technology to identify current and/or potential security risk 2. Prioritize and implement security controls to enable or improve security capabilities 3. Conduct regular and on-going security health checks and reporting on Group wide compliance with IT Security Policies and Standards	1. Mitigate the risk exposure of the Bank while aligning with business and Bank’s strategy 2. Compliance with regional regulatory requirements 3. Safeguard and protect the banks compliance rating among regulatory bodies	· Enforcement of IT Security policies and controls internally and externally requires urgent syndication and escalation. ·
Driver to provide the appropriate access, protection on confidentiality, integrity and availability of enterprise system and data through effective security controls	1. Stay abreast of latest IT leading practices and methodology, regulatory & compliance issues and industry risk trends 2. Manage, plan and coordinate activities to protect the Bank 3. Advice departments and project teams on the viability of new and liability of existing IT Security technologies or security practise in supporting mid and long term facilities and operational planning	1. Promote security relationships between internal resources and external entities, including security solution providers, and partner organizations 2. Safeguard the Bank enterprise system and data	· Key driver to manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulation
Key point of contact and subject matter expert for issues and projects related to IT Security	1. Collaborate with internal and external team to ensure IT Security issues are responded in a timely manner 2. Lead efforts to internally assess, evaluate and make recommendations to management and project team regarding the adequacy of the risk, security, compliance and system change controls for the enterprise 3. Examine impacts of new technologies implementation on theoverall enterprise information security	1. To ensure the best balance between security strategies and business alignment 2. To determine acceptable levels of risk for the organization 3. To achieve a common goal in information security 4. Implement secured infrastructure and operational efficiency	· Continuously assess security and compliance posture of the Bank to ensure the risk exposure are mitigated to an acceptable level · Strong commitment and active involvement of management and relevant stakeholders are required for the success of enforcement · Dealing, liaising and managing staff complexity due to resistance in complying with
Advocates, lead and drive the Enterprises IT Security Awareness programmes via Process clinics, workshops, email communications, security bulletins and e-learning activities Group-wide and across the region to instil a compliance culture from a business and information security perspective	1. Develop awareness strategy and communication plan for various channels i.e. e-learning, portal, workshops, training and IT events 2. Drive and conduct Information Security Management communication and awareness programmes for the entire IT Enterprise 3. Conduct dip stick tests / feedback assessments to identify awareness levels and develop improvement plans 4. Extend the IT Security eLearning module to cover regional offices	1. Instill a compliance culture amongst staff 2. Foster with effective IT Security awareness to all staff 3. Reduced threats of security breaches through high staff awareness 4. Reduction in internal IT non –compliance 5. Reduction in recurring audit issues and shortcomings	· Constantly drive the effectiveness programs to create IT security awareness in bank Group
Maintain consistent relationship and engagement with Security solution providers and partners for latest security technology updates and market trend	1. Continuously engagement with external security solution principals, distributors, vendors, and partner for latest security technology architecture updates and market trend	1. Foster closer relationship with security solution providers, distributors and solution integrator to have fast track escalation and immediate response as and when the Bank requires 2. Stay informed with the latest security threats and mitigation actions that available in the market to be implemented whenever necessary

EDUCATION :

Possess a professional qualification with a recognised Master/ Degree in Computer Science, IT or a related discipline.

EXPERIENCE :

IT Security related working experience in Financial Services Industry (FSI) - More than 10 years

Leadership or managerial experience - 6 to 10 years

CERTIFICATIONS/REGULATORY CERTIFICATIONS :

Possess professional certifications such as ITIL, COBIT, CISM, Six Sigma, CISA, CRISC & ISO 27001: 2005 Lead Auditor/Implementer or other related professional IT certifications will be an added advantage

JOB SPECIFIC SKILLS & COMPETENCIES REQUIRED :

• Proven ability in security process and enterprise level security solution design, implementation and management experiences on security solutions
• Ability to develop and guide the team to achieve high levels of performance
• Highly self-motivated and directed
• Experienced, energetic, engaging and visionary leader with sound knowledge of business management and a working knowledge of information security technologies to support enterprise mission
• Knowledgeable leader to provide vision, strategy, broad-based planning and hands-on responsibility
• Ability to act calmly and competently in high-pressure, high-stress situations
• Strong presentation skills with proven ability to successfully interface with and influence at all levels (management, executive, technical staff and end user)
• Excellent written and verbal communication skills with an emphasis on confidentiality, tact and diplomacy
• Thorough understanding of security risk with the ability to make pragmatic business-focussed decisions
• Strong focus on architectural governanceand its implementation
• Technical knowledge of security, with the ability to demonstrate practical application of controls

#J-18808-Ljbffr

JOB PURPOSE : Provide thought leadership and direction for IT Security team to effectively manage team work load, quality deliverables, performance and talent in delivering a systematic, proactive, approach that balances IT risk and business objectives and align with the Bank’s strategy Develop, maintain and champion IT Security Program, including strategy, framework, Group/Regional policies, process, and metrics by identifying and assess the emerging IT risk and security threats Identify, evaluate, protect against and report on IT Security risk in a manner that meets regional compliance and regulatory requirements and align with and support the risk posture of the Bank Driver to provide the appropriate access, protection, confidentiality, integrity and availability of enterprise system and data through effective security controls Key point of contact and subject matter expert for issues and projects related to IT Security Advocate, lead and drive the Enterprises IT Security Awareness programmes via Process clinics, workshops, email communications, security bulletins and e-learning activities Group-wide and across the region to instil a compliance culture from a business and information security perspective Provide security architectural vision, roadmap and standards for Bank Ensure Processes are in place to ensure that our security architecture remains current and aligns with industry best practices. PART 3: KEY ACCOUNTABILITIES & OUTCOMES It pertains to what are the main areas in which a job must achieve end-results to achieve the purpose. Maximum of 8 Key Accountabilities only. Principal Accountabilities Describe the key activities that you are expected to achieve. Start with the most important Outcomes/ deliverables targeted Major Challenges in achieving the outputs Accountability Supporting Activities Outcome/ deliverables Challenges Provide thought leadership and direction for IT Security team to effectively manage team work load, quality deliverables, performance and talent in delivering a systematic, proactive, approach that balances IT risk and business objectives and align with the Bank’s strategy 1. Ensure sufficient trained/skilled resources for new initiatives as well as existing workload 2. Supervise, mentor, coach and provide feedback to staff on their performance and deliveries 3. Encourage staff for professional certification , training or external conference/ program to upkeep skills 1. To build internal capabilities 2. To reduce staff turnover · Build a team of skilled certified Security and Quality professionals with the up-to-date IT knowledge to meet the business demand. · Continuously supervise/motivate/mentor/retain IT Security staff on their performance and deliveries · Shortage of resources Develop, maintain and champion IT Security Program, including strategy, framework, Group/Regional policies, process, and metrics by identifying and assess the emerging IT risk and security threats 1. Develop strong collaborative relationships within MSS and with business customers to understand long term business strategy and prepare appropriate IT Security recommendation and solution 2. Working closely with regional IT Security Head in defining objectives and policies and standards 3. Monitor IT Security trends and evolving technologies and assess against the current security posture and implication for the Bank 4. Define security strategies, metrics, reporting mechanisms and program services 5. Design and implement mechanism for education and governance, ensuring organizational and technical compliance with policies and requirements 6. Proactively provides IT security consultancy/ advisory services on policies, standards and best practices across the Group 7. Make recommendations for new security controls based on the assessment performed 1. To secure sensitive data and ensure information security and compliance with relevant legislation and regulatory requirements 2. Enforcement of standard suite of policies, processes & solution across Group to address and mitigate security risk · Managing, communicating and understanding of regional & overseas units IT and regulatory requirements as part of regionalization of bank Shared Services IT Security for the Bank’s regional operations and future aspirations · Alignment and comprehensive-ness of IT Security policies based on regulatory requirements from various countries Identify, evaluate, protect against and report on IT Security risk in a manner that meets regional compliance and regulatory requirements and align with and support the risk posture of the Bank 1. Work with business and across technology to identify current and/or potential security risk 2. Prioritize and implement security controls to enable or improve security capabilities 3. Conduct regular and on-going security health checks and reporting on Group wide compliance with IT Security Policies and Standards 1. Mitigate the risk exposure of the Bank while aligning with business and Bank’s strategy 2. Compliance with regional regulatory requirements 3. Safeguard and protect the banks compliance rating among regulatory bodies · Enforcement of IT Security policies and controls internally and externally requires urgent syndication and escalation. · Driver to provide the appropriate access, protection on confidentiality, integrity and availability of enterprise system and data through effective security controls 1. Stay abreast of latest IT leading practices and methodology, regulatory & compliance issues and industry risk trends 2. Manage, plan and coordinate activities to protect the Bank 3. Advice departments and project teams on the viability of new and liability of existing IT Security technologies or security practise in supporting mid and long term facilities and operational planning 1. Promote security relationships between internal resources and external entities, including security solution providers, and partner organizations 2. Safeguard the Bank enterprise system and data · Key driver to manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulation Key point of contact and subject matter expert for issues and projects related to IT Security 1. Collaborate with internal and external team to ensure IT Security issues are responded in a timely manner 2. Lead efforts to internally assess, evaluate and make recommendations to management and project team regarding the adequacy of the risk, security, compliance and system change controls for the enterprise 3. Examine impacts of new technologies implementation on theoverall enterprise information security 1. To ensure the best balance between security strategies and business alignment 2. To determine acceptable levels of risk for the organization 3. To achieve a common goal in information security 4. Implement secured infrastructure and operational efficiency · Continuously assess security and compliance posture of the Bank to ensure the risk exposure are mitigated to an acceptable level · Strong commitment and active involvement of management and relevant stakeholders are required for the success of enforcement · Dealing, liaising and managing staff complexity due to resistance in complying with Advocates, lead and drive the Enterprises IT Security Awareness programmes via Process clinics, workshops, email communications, security bulletins and e-learning activities Group-wide and across the region to instil a compliance culture from a business and information security perspective 1. Develop awareness strategy and communication plan for various channels i.e. e-learning, portal, workshops, training and IT events 2. Drive and conduct Information Security Management communication and awareness programmes for the entire IT Enterprise 3. Conduct dip stick tests / feedback assessments to identify awareness levels and develop improvement plans 4. Extend the IT Security eLearning module to cover regional offices 1. Instill a compliance culture amongst staff 2. Foster with effective IT Security awareness to all staff 3. Reduced threats of security breaches through high staff awareness 4. Reduction in internal IT non –compliance 5. Reduction in recurring audit issues and shortcomings · Constantly drive the effectiveness programs to create IT security awareness in bank Group Maintain consistent relationship and engagement with Security solution providers and partners for latest security technology updates and market trend 1. Continuously engagement with external security solution principals, distributors, vendors, and partner for latest security technology architecture updates and market trend 1. Foster closer relationship with security solution providers, distributors and solution integrator to have fast track escalation and immediate response as and when the Bank requires 2. Stay informed with the latest security threats and mitigation actions that available in the market to be implemented whenever necessary EDUCATION : Possess a professional qualification with a recognised Master/ Degree in Computer Science, IT or a related discipline. EXPERIENCE : IT Security related working experience in Financial Services Industry (FSI) - More than 10 years Leadership or managerial experience - 6 to 10 years CERTIFICATIONS/REGULATORY CERTIFICATIONS : Possess professional certifications such as ITIL, COBIT, CISM, Six Sigma, CISA, CRISC & ISO 27001: 2005 Lead Auditor/Implementer or other related professional IT certifications will be an added advantage JOB SPECIFIC SKILLS & COMPETENCIES REQUIRED : Proven ability in security process and enterprise level security solution design, implementation and management experiences on security solutions Ability to develop and guide the team to achieve high levels of performance Highly self-motivated and directed Experienced, energetic, engaging and visionary leader with sound knowledge of business management and a working knowledge of information security technologies to support enterprise mission Knowledgeable leader to provide vision, strategy, broad-based planning and hands-on responsibility Ability to act calmly and competently in high-pressure, high-stress situations Strong presentation skills with proven ability to successfully interface with and influence at all levels (management, executive, technical staff and end user) Excellent written and verbal communication skills with an emphasis on confidentiality, tact and diplomacy Thorough understanding of security risk with the ability to make pragmatic business-focussed decisions Strong focus on architectural governanceand its implementation Technical knowledge of security, with the ability to demonstrate practical application of controls

#J-18808-Ljbffr

Head of Security Governance and Data Protection

Join to apply for the Head of Security Governance and Data Protection role at Krisv Consulting Services Pte Ltd .

Overview

An ideal candidate will oversee the organization's data protection strategies and compliance programs. Reporting to the CISO, this leadership role will focus on ensuring the protection of sensitive data through robust data loss prevention policies. The candidate should have strong domain knowledge in governance frameworks, data protection laws, and compliance management.

Responsibilities

1. Build and lead teams specializing in Security and Data Governance, Cryptography, and Authentication.
2. Lead the implementation of Data Loss Prevention (DLP) and data protection strategies.
3. Ensure adherence to policies across all departments through internal and external audits, complying with the latest legal and regulatory standards, including Malaysian regulations, PCI-DSS, and Data Protection Acts.
4. Lead initiatives in Identity and Access Management (IAM), focusing on process design and technology acquisition.
5. Ensure organizational compliance with established procedures for data protection, audits, and remediation.
6. Stay updated with industry trends and regulatory changes.

Requirements

1. Extensive experience in Cyber Security Frameworks, Authentication, Data Loss Prevention, and Data Protection standards.
2. Proven leadership in managing governance and compliance teams with an in-depth understanding of the regulatory landscape.
3. Strong experience in compliance risk management and implementing governance frameworks.
4. Excellent leadership, communication, and stakeholder management skills, capable of managing cross-functional teams.
5. 10+ years of experience in information security, risk, and compliance roles within banking or financial sectors.
6. Strong understanding of banking regulations, cyber security frameworks, and IT governance (e.g., NIST, COBIT, ISO 27001, FFIEC).
7. Degree in Cybersecurity, Information Security, or related fields.
8. Certifications such as CISA, CISSP, CISM, or other governance and compliance-related certifications.

Additional Details

• Employment Type: Full-time
• Job Function: Other, Information Technology, Management
• Industry: Staffing and Recruiting
• Location: Kuala Lumpur, Malaysia

#J-18808-Ljbffr

Head of Security Governance and Data Protection Join to apply for the

Head of Security Governance and Data Protection

role at

Krisv Consulting Services Pte Ltd .

Overview An ideal candidate will oversee the organization's data protection strategies and compliance programs. Reporting to the CISO, this leadership role will focus on ensuring the protection of sensitive data through robust data loss prevention policies. The candidate should have strong domain knowledge in governance frameworks, data protection laws, and compliance management.

Responsibilities

Build and lead teams specializing in Security and Data Governance, Cryptography, and Authentication.

Lead the implementation of Data Loss Prevention (DLP) and data protection strategies.

Ensure adherence to policies across all departments through internal and external audits, complying with the latest legal and regulatory standards, including Malaysian regulations, PCI-DSS, and Data Protection Acts.

Lead initiatives in Identity and Access Management (IAM), focusing on process design and technology acquisition.

Ensure organizational compliance with established procedures for data protection, audits, and remediation.

Stay updated with industry trends and regulatory changes.

Requirements

Extensive experience in Cyber Security Frameworks, Authentication, Data Loss Prevention, and Data Protection standards.

Proven leadership in managing governance and compliance teams with an in-depth understanding of the regulatory landscape.

Strong experience in compliance risk management and implementing governance frameworks.

Excellent leadership, communication, and stakeholder management skills, capable of managing cross-functional teams.

10+ years of experience in information security, risk, and compliance roles within banking or financial sectors.

Strong understanding of banking regulations, cyber security frameworks, and IT governance (e.g., NIST, COBIT, ISO 27001, FFIEC).

Degree in Cybersecurity, Information Security, or related fields.

Certifications such as CISA, CISSP, CISM, or other governance and compliance-related certifications.

Additional Details

Employment Type: Full-time

Job Function: Other, Information Technology, Management

Industry: Staffing and Recruiting

Location: Kuala Lumpur, Malaysia

#J-18808-Ljbffr

Job Description

Dentsu’s commitment to technology governance, risk and compliance is expanding through 2023 to provide greater coverage of our established security governance processes to all global technology functions. Reporting to the Technology & Security Governance Manager, the Senior Analyst will be responsible for supporting the development and continuous improvement of dentsu’s global technology policies, technical standards, and guidelines through close engagement with senior business stakeholders. The role will also support the management of the dentsu technology internal control framework, development of the technology GRC platform (Riskonnect) and maintenance of our global ISO 27001 information security certification.

Job Title:

Technology and Security Governance Senior Analyst

Job Description:

Responsibilities include, but are not limited to:

• Support the execution of the global technology and security governance strategy.

• Assist with the maintenance activities required for dentsu’s ISO 27001 certified ISMS.

• Support the preparation for the periodic ISO 27001 global surveillance audit.

• Contribute to the revision and maintenance of the key ISMS governance artefacts.

• Contribute to the definition and review process of dentsu Group technology and security policies, providing technical expertise as required.

• Support the development and maintenance of security metrics via reporting dashboards and regular presentations for our global and regional executives.

• Support the development of dentsu’s global security certification strategy.

• Be responsible for the technology and security document management platform.

• Act as a SME and provide stakeholder support and training for dentsu’s technology GRC platform Riskonnect.

• Support the maintenance of the dentsu technology and security internal control framework.

• Oversee compliance across the technology and security dentsu teams with the document management standard.

• Ensure the Technology organisations working practices comply with the Group’s technology and security control framework.

• Identify opportunities for continued process improvements within the technology and security GRC team.

• Build relationships and partner with stakeholders across technology and group functions.

Person specification:

• Broad information technology and security expertise with knowledge of industry and regulatory control frameworks (ISO 27001, NIST-CSF, JSOX, COBIT).

• A strong working knowledge of ISO 27001/2.

• Experience of security governance, risk management and assurance within a medium or large-sized organisation.

• Proficient in briefings and presentations to stakeholders.

• Experience of building stakeholder relationships in matrixed organisations and gaining buy in and engagement from teams outside immediate reporting lines.

• Demonstrates experience of collaboration, inclusivity, breaking down silos and creating shared visions.

• Proactive problem solver. The ability to evaluate problems from multiple perspectives to drive successful outcomes for all stakeholders.

• Is demonstrably self-motivated, proactive, action orientated to achieve deadlines.

• Comfortable navigating uncertainty, ambiguity, and change in order to suggest recommendations and drive improvements.

• Proactive development of trending knowledge and skills within the cyber security and technology communities.

• Experience of working with a high degree of freedom , managing own and others workload, and delivering to tight timescales.

• Experience with using top industry GRC platforms (desirable).

• Achieved or working towards a security qualification (CISSP, CISM, CISA, CRISC) (desirable).

About dentsu

Headquartered in London, dentsu international operates in over 145 markets worldwide with more than 48,000 dedicated specialists. We help clients to win, keep and grow their best customers and achieve meaningful progress for their businesses. With best-in-class services and solutions in media, CXM, and creative. Joining dentsu is an opportunity to produce career-defining work. Along the way, you’ll team up with inspiring colleagues and encounter a richness of clients, cultures, and experiences. We offer exciting challenges, memorable experiences, and opportunities to shape your future.

Inclusion and Diversity

We’re proud to be different and that starts with our people. We believe in equal opportunities for everyone. We won’t define people by their race, gender, sexual-orientation, age, or disability. Individuality is what makes us great, we want everyone to bring their full self to work and create something amazing. That’s what we care about. So, whether you’re joining us, or looking to move to a different part of the business, we work hard to make sure we create equal opportunities for everyone.

We are happy to discuss flexible and agile approaches to working for all our roles – we can’t promise we will be able to offer you everything you want or need but we do promise to discuss it with you openly and honestly. If you have any reasonable adjustment needs arising from a disability or medical condition to fully participate in the recruitment process, please discuss this with our recruitment teams.

Location:

Kuala Lumpur

Brand:

Global Technology

Time Type:

Full time

Contract Type:

Permanent

#J-18808-Ljbffr

Security Operations & Governance Analyst (1 year Contract)

Role with L1 SOC monitoring, governance, and vulnerability/threat intelligence responsibilities.

Responsibilities

• L1 SOC monitoring of security alerts 24x7 using SIEM, EDR tools, and IDS/IPS; analyze logs, network traffic, endpoint data, and other source logs to identify suspicious activity or IoCs; triage and prioritize alerts based on severity and risk; perform required escalations and mitigations; containment and mitigation actions for incidents; escalate confirmed or high-risk incidents to L2/L3 analysts or incident response teams; collate information for incident documentation.
• Governance: support the Security GRC team during regulatory inspections, external audits, customer queries, security certificate programs, and internal audits to ensure compliance with regulations and customer requirements; perform due diligence to assess third-party information security posture; support on-site assessments of third-party/outsourced parties.
• Vulnerability & threat intelligence: stay updated on emerging threats through threat intelligence.

Qualifications

• Bachelor's degree in Computer Science, IT, Software Engineering, or equivalent is required.
• Security certifications (Security+, CySA+, CEH, GIAC GSEC, GIAC GCDA, GIAC GDAT, CISA, CISM, CISSP) are a plus.
• Good understanding of network security, operating systems, SQL programming.
• 1-5 years of relevant security monitoring/SOC experience.
• Having experience in governance, risk, compliance work is a plus.

Seniority level

• Associate

Employment type

• Contract

Job function

• Analyst and Information Technology

#J-18808-Ljbffr