For MALAYSIANS only

Role Description :
As a technical SME for Governance, Risk and Compliance (GRC), you will be expected to work with customers to assess and manage their risks in alignment with ISO31000. You will be expected to be familiar with ISO27001 or a similar standard (NIST, ISM, COBIT, etc). You will be expected to be able to assess controls and provide advice to customers that is practical and solution focused (e.g., provide accurate estimates of effort required and work within those estimates). You will be expected to measure compliance against company policy and provide audit liaison and reporting to senior management.

Responsibilities :
- Assessing and applying security standards such as: ISO37000, PCI-DSS, ISO 27001, ISM, COBIT
- Work through which controls are relevant, whether they are present in the project design / plans and whether there are compensating controls.
- Provide advice/support for business impact assessments
- Identification of information assets and determination of their value.
- Identification of any risks to information.
- Application of security measures to protect information.
- Management of risks across the information lifecycle.
- Maintenance of the IT/InfoSec risk register.
- Liaison with internal multifunctional teams, including Information Security, Technology, Infrastructure, Legal, Finance, etc.

Experience and Qualifications :
- Security Governance, Risk and Compliance (GRC)
- Infrastructure, Networking or Architecture
- Project and Third-Party risk assessments
- Security Operations
- ISACA (CISA, CISM)
- GIAC (SANS Training)
- ISC2 CISSP
- Cisco e.g. CCNA, CCNP