Cyber and IT Risk Manager

Job title: Cyber & IT Risk Manager
Location: Malaysia

World-changing careers, enabled by Johnson Matthey. With more than 200 years of history, join us and help to accelerate the transition to net-zero! As a Cyber & IT Risk Manager, you’ll contribute to JM’s mission as a world leader in sustainable technology, transforming energy and reducing carbon emissions for a cleaner, brighter future.

The role:

As a Cyber & IT Risk Manager, you will help drive our goals by:

1. Cyber and IT risk management
   • Develop, implement, schedule and drive a cyber and IT risk management program which includes regular assessment, prioritisation, and review of remediation and mitigation activities, with clearly defined management ownership.
   • Ensure that the risk management program is aligned with business priorities and risk appetite, assessing and clearly communicating those risks in a non-technical, easily digestible manner that ensures all stakeholders can make informed decisions on these risks.
2. Cyber and IT controls assurance
   • Developing, maintaining and operating cyber and IT controls assurance processes, including being responsible for the JM ITGC framework and ensuring system owners understand their responsibilities.
   • Conduct thorough assessments of control environments, systems, processes, and practices to identify control gaps, including those associated with audit actions, customer and stakeholder requirements. Ensure effective action is taken to resolve any issues and identify root causes and remediations that can be addressed through continual improvement.
3. Cyber and IT horizon scanning
   • Keep up to date with regulatory and legislative developments relating to cyber and IT, identifying and assessing any changes that are relevant to JM and developing recommendations and action plans, communicating these as necessary to senior management.
   • Keep up to date with best practices in risk and controls management, applying this knowledge where applicable to deliver improvements that benefit JM.

Key skills that will help you succeed in this role:

• Knowledge and experience of cyber and IT controls and supporting associated audits.
• Ability to communicate with business stakeholders to articulate cyber and IT risks in business terms.
• Technical and/or practical experience of:
  • Cyber security controls/capabilities and relevant standards e.g. ISO27001
  • IT controls implementation and assurance, including but not limited to IT general controls
  • Enterprise software capabilities and technologies, including but not limited to ERP, CRM, enterprise operating systems (e.g. Windows/Linux)
  • Relevant legislation such as NIS2, GDPR and Computer Misuse Act
  • Relevant industry standards such as MITRE and NIST
  • Risk management best practices.

Even if you only match some of the skills, we’d love to hear from you to discuss further!

What we offer:
We make sure salaries are fair, competitive and aligned to individual roles, experience and responsibilities. We are also supportive of hybrid and flexible working and, where applicable, offer life, medical and other benefits that support our employees’ financial and physical wellbeing, such as:

• Retirement savings
• Life and disability insurance
• Commuter allowances and loans
• Medical plans / health assessments

Ready to make a meaningful impact on your career and the environment? Join us and help shape a sustainable future while advancing your career!

At JM, inclusivity is central to our values. We create an environment where everyone can thrive, embracing diverse perspectives to tackle challenges and ensure all colleagues feel valued and connected.

For any queries or accessibility requirements, please contact GlobalRecruit@matthey.com. We will work with you to make suitable adjustments at any stage of the recruitment process. All conversations are confidential, and your feedback is welcome to help us provide an accessible and positive recruitment experience.

Closing date for applications: This job advertisement will be posted for a minimum of 2 weeks, early application is advised.

To submit your application, please click the "Apply" button online.

All applications are carefully considered and your details will be stored on our secure Application Management System. This is used throughout Johnson Matthey for the selection of suitable candidates for our vacancies as they arise. Johnson Matthey respects your privacy and is committed to protecting your personal information.

For more information about how your personal data is used please view our privacy notice: Johnson Matthey Privacy Notice. By applying for this role and creating an account you are agreeing to the notice.

Johnson Matthey Plc is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, marriage or civil partnership, pregnancy or maternity, religion or belief.