This position will be reporting to the Head of Security Governance & Risk Management Section and will function under the Advisory & Governance Unit.
Support and strengthen cybersecurity governance through comprehensive risk assessments, in-depth advisory services, and proactive engagement with key stakeholders to ensure compliance with internal policies and regulatory standards.
Job Responsibilities
Provide IT security advisory for business initiatives, systems implementations, and operational processes to ensure alignment with security policies and risk appetite.
Review and assess IT change requests, vendor solutions, technology initiatives and third-party controls for security risks and recommend mitigation strategies.
Support the execution, and analyse cybersecurity simulation exercises (e.g., phishing, smishing) to test and enhance organizational readiness.
Monitor the implementation of risk mitigation plans and follow up with relevant departments to ensure timely closure of issues.
Participate in governance forums on matters relating to IT risk and security governance.
Prepare reports, presentations, and dashboards on cybersecurity risk posture, incidents, and remediation progress for internal stakeholders and management.
Contribute to the development and refinement of IT security governance frameworks, policies, and procedures.
Ensure security assessment exercise is conducted and remediated in a timely manner.
Job Requirements
Malaysian citizen.
Pass Malay Language including oral test at Sijil Pelajaran Malaysia (SPM) level.
Possess a Bachelor's Degree in Computer Science/ Information Technology, Cybersecurity or equivalent qualification from accredited higher learning institutions.
Minimum 4 - 7 years of experience in IT security, risk management, or cybersecurity advisory roles.
Strong understanding of information security principles, risk assessment methodologies, and regulatory frameworks (e.g., ISO 27001, NIST, CIS).
Excellent analytical thinking, communication, and stakeholder engagement skills.
Experience coordinating with cross-functional teams on security governance and compliance efforts.
Professional certifications such as CISM, CISSP, CRISC, or equivalent are highly desirable.