Job Description
Position: Information Security Risk and Compliance Analyst
Reports to: Information Security GRC Practice Manager
Location: Kuala Lumpur – Full time
Role Summary
The Information Security Risk and Compliance Analyst plays a critical role in safeguarding our organization's information assets by ensuring compliance with regulatory requirements and implementing robust governance, risk management, and compliance strategies. The Analyst supports the development and enforcement of security policies, conducts risk and compliance assessments, develops and monitors risk treatment plans, and supports the facilitation of security awareness throughout the organization. This role is instrumental in enhancing our cybersecurity posture, ensuring compliance integrity, and fostering a culture of continuous improvement in security practices. The position offers the opportunity to contribute significantly to the organization's resilience against threats and its adherence to compliance standards, making the role key to our strategic objectives in cybersecurity management.
You must be willing to work on Malaysia Public Holidays.
You must be willing to work 100% from office.
Your working hours are 7:00am to 4:00pm (Malaysia time).
Key Responsibilities
Governance
Support the development, implementation, and maintenance of robust IT and cloud governance, risk, and compliance policies, frameworks, and standard operating procedures in line with industry best practices and regulatory requirements.
Support the execution of the practice's GRC initiatives and ensure alignment with business objectives.
Support the GRC Practice Manager in collaborating with internal stakeholders to ensure a unified approach to information security across the organization.
Risk
Implement security controls, a risk assessment framework, and a risk program that align with regulatory requirements, ensuring documented and sustainable compliance in line with BFG's objectives.
Conduct information security risk assessments and audits within the practice, identifying vulnerabilities and IT security risks to BFG's systems, networks, and data.
Conduct cloud-based risk assessments and audits within the practice, identifying vulnerabilities and IT security risks to BFG's cloud infrastructure.
Develop risk treatment plans, monitor their implementation, and guide mitigation strategies so that identified risks are treated effectively.
Evaluate security posture of third-party vendors through risk assessment and security reviews.
Drive the continuous automation and streamlining of risk management activities using technology and data-enabled solutions.
Maintain accurate records of risk assessment activities.
Compliance
Identify applicable compliance baselines from legislative requirements and corporate objectives. Ensure applicable obligations are incorporated into the assurance program.
Conduct periodic compliance assessments against internal policies and industry standards (e.g. ISO 27001) and maintain accurate records of these activities.
Provide support in internal and external IT security audits.
Assist in the preparation of reports for management and regulatory bodies as required.
Security Awareness & Training
Assist in the execution of the security awareness program, training staff on compliance standards and security best practices.
Stay up to date on the latest developments in information security, risk management, and compliance.
Knowledge
Proficient understanding of cybersecurity principles, IT risk management and cloud security.
Information systems risk management methodologies.
Information technology systems and processes, data processes, and protocols.
Basic knowledge of relevant legal and regulatory requirements, and of cybersecurity frameworks and standards such as ISO 27001 and NIST.
Understanding of cybersecurity technologies and countermeasures.
Skills
Ability in planning and executing risk assessments, from risk identification to monitoring.
Strong analytical and problem-solving abilities, with the capacity to understand and manage various types of cyber risks.
Experience in managing small projects or contributing to large projects in a collaborative environment is advantageous, including the management of stakeholders.
Strong verbal and written communication skills, able to document and explain compliance issues and risks to a non-technical audience.
Excellent interpersonal skills to collaborate effectively with both technical and non-technical teams.
Experience working with staff from diverse academic, cultural, and ethnic backgrounds.
Qualifications
Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field.
Minimum of 2 to 3 years of experience in an information security or IT assessment role.
Professional certifications like ISC2 Certified in Cybersecurity (CC) or CompTIA Security+ are advantageous.
Professional certifications such as ISACA Certified in Risk and Information Systems Control (CRISC), ISACA Certified Information Systems Auditor (CISA), or ISACA Certified Information Security Manager (CISM) are highly advantageous.
Prior experience in industries with stringent compliance requirements, such as the finance industry, is advantageous.
Benefits
Corporate medical insurance, with optical and dental claims.
Competitive salary and bonus structure.
Ongoing professional development opportunities.