Senior Executive, Cybersecurity Governance, Risk, and Compliance

We value our people and encourage everyone to grow professionally. If you think this opportunity is right for you, we encourage you to apply!

Job Description:

Security Monitoring, Incident Management & Triage:

• Oversee the security operations team in monitoring alerts, logs, and network traffic for potential threats.

• Lead the triage and investigation of security incidents, ensuring a timely response.

• Coordinate with relevant teams for incident escalation and reporting to management.

• Regularly review security operation systems (e.g., IPS, SIEM) for optimization.

Cybersecurity Incident Management:

• Lead the incident response process, coordinating with internal and third-party teams.

• Develop and review incident response plans and playbooks regularly.

• Analyze post-incident reports for improvement opportunities.

• Provide management with insightful reporting.

Vulnerability Management:

• Manage vulnerability scanning and assessments for IT assets.

• Collaborate with teams to address identified vulnerabilities and implement risk mitigation strategies.

• Prioritize vulnerability fixes using a risk-based approach.

• Deliver regular updates to management.

Security Assessment Management:

• Coordinate cybersecurity assessments (e.g., penetration testing, red teaming) to enhance security posture.

• Review remediation actions and risk mitigation plans, providing constructive recommendations.

• Track remediation actions until closure and report findings to management.

IT Security Risk & Compliance:

• Ensure compliance with security standards and conduct risk assessments and audits.

• Support the maintenance of security certifications and frameworks.

Security Awareness Training:

• Develop and implement engaging training programs for employees to promote a security-focused culture.

• Evaluate the effectiveness of security awareness initiatives for continuous improvement.

Development & Maintenance of Security Framework, Policies, Guidelines & Standards:

• Create and maintain cybersecurity policies and procedures aligned with industry best practices.

• Regularly update documentation to address emerging threats.

Information Security Working Committee (ISWC) Secretariat:

• Act as the secretariat for ISWC meetings, ensuring productive discussions and follow-ups on security initiatives.

Requirements:

• Bachelor’s degree in IT/Computer Engineering, Cybersecurity, or a related field. Minimum 5 years of working experience.
• 5+ years’ experience in IT/Cyber security or 5+ years’ experience in IT Security solutions especially endpoint, network & database security.
• Strong knowledge of security monitoring tools, incident response, and vulnerability management.
• Familiarity with security assessment methodologies such as penetration testing, compliance audits, and red teaming.
• Experiences with security frameworks (NIST, ISO 27001, CIS, etc).
• Understanding of regulatory compliance (BNM RMiT, GDPR, PCI DSS, etc).
• Cybersecurity-related or other relevant certifications are an added advantage.
• Experience in delivering IT Security projects for multinational organizations like SD Plantation Berhad, via multivendor management.
• Excellent problem-solving and analytical skills.
• Strong communication and interpersonal skills.
• Relevant cybersecurity certifications (CISSP, CISM, CEH, OSCP, etc.) are a plus.

To apply, please submit your resume and cover letter outlining your interest for this role.