Information Security Analyst

Malaysia, Malaysia

Job Description


We are Malaysia's leading Credit Reporting Agency (CRA). We are aggressively expanding our business and looking for dynamic, driven and motivated individuals to join our team. Our Direct-To-Consumer (D2C) segment is one of our fastest-growing product areas in the market, with an abundance of expansion plans and innovative ideas on hand.

What you are expected to do:

(a) Job Responsibilities:

Responsible for assisting the Information Security Manager in defining and implementing best-practice information security policies, standards, and processes based on ISO 27001, NIST Cybersecurity Framework (CSF), and BNM RMiT.

(b) Expected outcome:

An ISO 27001 certified organization with a robust and proactive information security program in alignment with relevant regulatory requirements and industry best practices.

(c) Job Duties:

(i) Assist the Manager to implement ISO 27001 and Information Security Management System (ISMS) for CTOS.

(ii) Assist the Manager in establishing a comprehensive set of enterprise information security policies and standards, and monitor the information security controls, KRIs/KPIs, and technical landscape on an ongoing basis.

(iii) Assist the Manager in compliance evaluations, certifications, and accreditations of ISO 27001, BNM's Cyber Resilience Maturity Assessment (CRMA), BNM's RMiT and any other relevant regulatory requirements with regard to information security.

(iv) Work with the CTOS Risk Department to implement effective and appropriate Governance, Risk and Compliance (GRC) controls and safeguards for system and data protection.

(v) Assist in identifying, communicating, and managing current and emerging security threats in collaboration with relevant stakeholders.

(vi) Assist in developing information security compliance frameworks, policies, and procedures as required.

(vii) Assist in the day-to-day activities in identifying cyber security risk factors, assessing them and recommending treatment plans.

(viii) Assist in tracking key performance indicators (KPIs) and key risk indicators (KRIs).

(ix) Assist in data collection and maintenance of technical and management cyber security dashboard.

(x) Assist in collaboration with business units, IT, vendors and service providers to promote and implement information security best practices for CTOS.

(xi) Assist in validating IT infrastructure and other reference IT architectures for adherence to security best practices, and recommend changes to enhance security and reduce risks, as needed.

(xii) Assist in the development, maintenance and implementation of a cyber security awareness program to foster a security-conscious culture within the organization.

Collaborate with vendors and service providers to conduct and review periodic security assessments (e.g., penetration testing, vulnerability assessments, etc.) of third-party service providers, including cloud service providers.

What you need to have to qualify:

  • Minimum Bachelor's Degree or Equivalent with specialization in Computer Science / IT Security / Cyber Security.
  • 2 to 3 years of working experience in the IT or Information Security domain, specifically in the implementation and maintenance of an information security management system (ISMS - ISO 27001).

Competencies:

  • Knowledge of the latest ISO 27001 standard, NIST Cybersecurity Framework, Centre for Internet Security (18 CIS critical security controls) and BNM RMiT.
  • Knowledge and experience working with GRC tools are advantageous.
  • Experienced in being part of an ISO 27001 project team and conducting gap analysis, and ability to prepare, present and communicate technical details to superiors.
  • Entry-level knowledge across more than one information security domain and tool, such as IAM, DLP, EDR/MDR, Zero-Trust principles, ASM, etc.
  • Experienced with enterprise architecture and infrastructure security architecture, including cloud security architecture.
  • Ability to collaborate with multiple teams of different disciplines across the enterprise.
  • Ability to present and communicate clearly and concisely to the target audience (i.e., technical, general staff and senior management).
  • ISO 27001 Lead Implementer and/or Lead Auditor certification is advantageous.
  • Any other security certifications such as Certified Information Systems Auditor (CISA), GIAC, EC-Council, CompTIA or equivalent are advantageous.

Spoken Language: Malay, English

Written Language: Malay, English

CTOS

Job Detail

  • Job Id
    JD959229
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Malaysia, Malaysia
  • Education
    Not mentioned