IT Security Compliance Analyst
Kuala Lumpur
Donaldson
Die Donaldson Company, Inc. ist ein weltweit führender Anbieter von Luft-, Öl- und Flüssigkeitsfiltrationslösungen für Motoren und Industrieanlagen.Donaldson is committed to solving the world’s most complex filtration challenges. Together, we make cool things. As an established technology and innovation leader, we are continuously evolving to meet the filtration needs of our changing world. Join a culture of collaboration and innovation that matters and a chance to learn, effect change, and make meaningful contributions at work and in communities.
Job Purpose
The position involves coordinating IT and Information Security risk management, leading regulatory compliance initiatives, and collaborating with global teams to support the Security Governance Risk and Compliance program.
This role may partner with other departments (Financial, Legal, Compliance, Privacy, Internal Audit, etc.) to document and track risk requirements and perform assessments.
Key Responsibilities:
Maintain risk management initiatives and tracking within a Governance, Risk, and Compliance (GRC) platform.
Assess, rate, and prioritize security risks based on industry standards and regulatory requirements.
Compile and report information security and compliance risks to leadership for awareness.
Research industry-specific security risk trends and best practices.
Collaborate with departments to support compliance, governance, and policy assessments.
Evaluate technical, administrative, and physical controls for compliance effectiveness.
Create and implement assessment questionnaires and gather evidence for control testing.
Write reports on findings and present issues to stakeholders and executives.
Map compliance requirements, including international regulations and internal policies.
Train employees on GRC risk processes and compliance initiatives, working across time zones as needed.
Education Qualification:
Bachelor’s degree in IT, Accounting, Finance, Business, or a related field.
Relevant experience demonstrating necessary knowledge and skills for the position.
Technical Competence & Skills:
Minimum 5 years of professional-level IT, information security, or vendor risk experience.
Relevant experience in the GRC Risk Management/Assessment space.
Knowledge of applicable industry rules (ISO 27001, NIST, COSO, COBIT) and expertise in information security best practices.
Knowledge or experience in assessing regulatory controls (SOX, PCI, SWIFT, NIS2, CMMC, China MLPS, TISAX).
Working knowledge of Governance, Risk, and Compliance (GRC) tools (ServiceNow, Archer) is a plus.
Relevant Experience:
Information security auditing experience is a plus.
Ability to work with all levels of the organization.
Experience working across time zones.
Excellent teamwork skills and the ability to work independently.
Resourceful, energetic, self-starter, flexible, and goal oriented.
Strong personal integrity.
Others (% of travel, language, etc.):
Excellent verbal and written communication skills in English
Employment opportunities for positions in the United States may require use of information which is subject to the export control regulations of the United States. Hiring decisions for such positions are required by law to be made in compliance with these regulations. Applicants for employment opportunities in other countries must be able to meet the comparable export control requirements of that country and of the United States.
Our policy is to provide equal employment opportunities to all qualified persons without regard to race, gender, color, disability, national origin, age, religion, union affiliation, sexual orientation, veteran status, citizenship, gender identity and/or expression, or other status protected by law.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Audits CMMC COBIT Compliance Finance Governance ISO 27001 NIS2 NIST Privacy Risk management SOX TISAX
Perks/benefits: Flex hours
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.