Information Security GRC Specialist
Sg. Besi
Maxis
Maxis stands as Malaysia's leading telco company, presenting top-tier offerings including postpaid plans, internet plans, phone plans, and more. Enhance your connectivity with our steadfast services today!

Are you ready to get ahead in your career?
- We want to empower you to turn your ambitions into achievements.
- We thrive in inclusiveness, diversity and embrace close collaborations for you to create impact for yourself and others.
- Together, we aim to bring the best of technology to help people, businesses and the nation to be ahead in a changing world.
- To realise our vision to become Malaysia’s leading converged solutions company, we are looking for a new talent to innovate and grow with us in a culture that values commitment, performance and possibilities.
Why does this job exist and why is it critical?
The role is responsible for ensuring the alignment of business and operations with Maxis security compliance objectives by conducting policy and process reviews, managing 3rd party security risks and compliance, performing control assessments and certification audits (e.g. ISO 27xxx, PCI DSS), and supporting security awareness training and education programs.
What are you accountable for?
- Perform regular policy, process and standard reviews for information security
- Conduct 3rd party security risk assessments as part of the due diligence process, and record and manage the identified risks.
- Update and monitor the security compliance of 3rd party and integrate this into existing security processes.
- Review the risk register and quarterly update the status to the Enterprise Risk Management team.
- Prepare control assessment reports relating to the implementation of information security controls in Maxis based on published policies, processes and standards.
- Conduct and assist with the implementation of security certifications, audits and compliance with PCI DSS, ISO 27001 and NIST frameworks across Maxis.
- Provide advisory on compliance and information security controls across multiple security frameworks such as ISO 2700x, PCI, CSA, CIS, OWASP and NIST standards.
- Support the education and training requirements related to security controls in the areas of information security such as application security, network security, database security, password management and other general security content.
- Assist in other applicable tasks within the department scope assigned by the Head of CyberSecurity.
What do you need to have for the role?
- Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, or a related field – A solid foundation in IT or cybersecurity to understand complex security frameworks.
- 3-5 years of experience in Information Security, Compliance, or Risk Management – Demonstrated experience in a similar role, ideally with a strong focus on training & awareness and audit management.
- Experience with security frameworks and standards – In-depth knowledge of ISO 27001, PCI DSS, NIST, and other industry standards and frameworks.
- Experience conducting risk assessments and audits – Hands-on experience with security control assessments, certification audits, and risk analysis of third parties.
- Policy and Process Review – Ability to develop, review, and revise information security policies and processes to maintain compliance.
- Risk Management – Proficiency in identifying, assessing, and managing third-party security risks as part of due diligence, including updating risk registers and monitoring compliance.
- Compliance and Regulatory Knowledge – Familiarity with security compliance standards (e.g., ISO 27xxx, PCI DSS, NIST, CSA, CIS, OWASP) and how to apply them in enterprise settings.
Preferred Professional Certifications such as:
- ISC2 CC (Certified in Cybersecurity)
- ISO 27001 Lead Implementer or Auditor
- PCI-DSS Implementer
- CRISC (Certified in Risk and Information Systems Control) or CISA (Certified Information Systems Auditor) for risk management skills.
- CISM (Certified Information Security Manager)
- CISSP (Certified Information Systems Security Professional)
What’s next?
- Once you’ve applied online, our team will carefully review your application. Due to a high volume of applications, we appreciate your patience to allow for a fair and timely review process.
- Should you be shortlisted for the role, we will send you an invitation via email for a digital interview. You can also check on your application status by logging into your candidate account.
Maxis values diverse voices & people. We hire and reward our employees based on capability & performance — regardless of ethnicity, gender, age, education, religion, nationality or physical ability.
Tags: Application security Audits CISA CISM CISSP Compliance Computer Science CRISC ISO 27001 Monitoring Network security NIST NIST Frameworks OWASP PCI DSS Risk analysis Risk assessment Risk management
Perks/benefits: Career development