A leading cybersecurity firm is seeking a Cybersecurity Governance, Risk, and Compliance (GRC) Executive to join their team. This role involves supporting the Group Information Security Division with essential documentation, governance functions, and compliance monitoring. Ideal candidates will have strong organizational skills, a background in information security, and an interest in risk management. If you are detail-oriented and strive for excellence, this opportunity is for you!
Cybersecurity Governance, Risk, and Compliance (GRC) Executive
The Cybersecurity Governance, Risk, and Compliance (GRC) Assistant provides essential administrative, documentation, and coordination support to the Group Information Security Division. The incumbent plays a key role in supporting cybersecurity governance functions, including policy documentation, risk register maintenance, compliance tracking, audit preparation, and administrative coordination across all entities within the Group.
This role is designed for individuals with strong organizational skills, a basic understanding of information security principles, and a keen interest in compliance, regulatory frameworks, and risk management. The GRC Assistant will work closely with internal cybersecurity professionals and corporate departments to ensure that information security governance practices are consistently implemented and documented across the organization.
Key Responsibilities
Cybersecurity Governance Support
Assist in the development, formatting, and version control of cybersecurity policies, procedures, standards, and guidelines in alignment with frameworks such as ISO/IEC 27001, NIST, Cyber Security Act 854, and Personal Data Protection Act 709.
Track document revisions and ensure all stakeholders are working from the most current versions of governance artefacts.
Maintain centralized documentation libraries and controlled access to sensitive information security documents.
Risk Management and Control Documentation
Support the maintenance of the cybersecurity risk register, including the logging of identified risks, control gaps, and mitigation actions.
Liaise with internal departments to gather risk-related information, validate control implementation, and update risk treatment plans.
Document residual risks and escalate material risks to senior management through structured reporting formats.
Compliance Monitoring and Audit Preparation
Assist in preparing compliance evidence for internal and external audits, including NACSA, PDPA, Securities Commission Guidelines, ISO/IEC 27001, and other regulatory reviews.
Maintain an inventory of compliance obligations and track due dates for recurring assessments, policy reviews, and regulatory submissions.
Coordinate and compile responses for security questionnaires, assessments, and audit checklists from external clients and auditors.
Administrative Coordination
Provide administrative support to the Group Information Security Division, including meeting scheduling, minutes recording, and preparation of reports and presentation materials.
Manage document workflows, internal requests, and follow-up actions for governance-related initiatives.
Track project deliverables, deadlines, and compliance calendars using standardized templates and productivity tools.
Support for Awareness, Training, and Communication
Assist in planning and administering internal cybersecurity awareness programs, workshops, and compliance briefings across the SENA Group.
Help draft and distribute communication materials including newsletters, posters, and reminders related to security policies and initiatives.
Maintain attendance records, feedback forms, and training logs for compliance audits.
Minimum Qualifications
Academic Qualifications
Diploma or Bachelor’s Degree in Information Technology, Business Administration, Risk Management, Information Systems, or a related field from a recognized institution.
Certifications (Preferred but not mandatory)
ITIL Foundation, ISO/IEC 27001:2013 Internal Auditor, CompTIA Security+, or equivalent certifications in governance or risk.
Required Technical Competencies
Basic understanding of information security principles, risk frameworks, and regulatory compliance.
Familiarity with governance standards and cybersecurity frameworks (e.g., ISO 27001, NIST CSF, SC Guidelines, Bank Negara RMIT, GDPR, PDPA).
Proficiency in documentation tools (e.g., Microsoft Word, Excel, PowerPoint, SharePoint, Confluence).
Experience with productivity platforms (e.g., Microsoft Teams, Smartsheet, Trello, or similar task tracking systems).
Ability to generate structured reports, maintain logs, and manage documentation repositories effectively.
Behavioural and Professional Competencies
Exceptional organizational and administrative capabilities with strong attention to detail.
High level of integrity and discretion in handling confidential information.
Effective communication and coordination skills, both verbal and written, in English and Bahasa Malaysia.
Ability to work under direction, adhere to deadlines, and manage multiple documentation tasks in parallel.
Professionalism, reliability, and commitment to excellence in support of cybersecurity governance objectives.