Deputy Manager | Cybersecurity Risk Management

EPF Malaysia

Petaling Jaya

On-site

MYR 120,000 - 180,000

Full time

14 days ago

Job summary

EPF Malaysia is seeking a Cybersecurity Risk Advisor to support cybersecurity governance through risk assessments and engagement with stakeholders. The position requires extensive experience in IT security and risk management, providing advisory services and developing policies to ensure compliance with regulations.

Qualifications

  • At least 7 years of relevant working experience in IT security, risk management, or cybersecurity.
  • Proficiency in technology and cyber risk frameworks.
  • Professional certifications such as CISM, CISSP, or CRISC are desirable.

Responsibilities

  • Conduct cybersecurity risk assessments and provide advisory services.
  • Develop policies and guidelines for security compliance.
  • Lead threat modeling and risk scoring for systems.

Skills

Analytical thinking
Communication
Stakeholder engagement

Education

Bachelor's Degree in Computer Science/Information Technology/Cybersecurity

Job description

JOB SUMMARY

  • This position will be reporting to the Head of Risk Management Advisory 1 Section and will function under the Cybersecurity Risk Management Unit.
  • Support and strengthen cybersecurity governance through comprehensive cybersecurity risk assessments, in-depth risk advisory services, and proactive engagement with key stakeholders to ensure cybersecurity compliance with internal policies and regulatory standards.

JOB RESPONSIBILITIES

  • Research, monitor and analyse emerging cybersecurity threats and regulatory requirements.
  • Develop, design, and maintain comprehensive policies and guidelines to address security needs and compliance obligations.
  • Provide expert-level cybersecurity advisory for business initiatives, systems implementations, and operational processes to ensure alignment with security policies and risk appetite.
  • Review and assess IT change requests, vendor solutions, technology initiatives and third-party controls for security risks and recommend mitigation strategies.
  • Participate in the planning, execution, and analysis of cybersecurity simulation exercises (e.g., phishing, smishing) to test and enhance organizational readiness.
  • Partner with the SOC team on breach impact assessments and remediation action.
  • Lead threat modelling, control gap analysis, and risk scoring for systems/cloud (AWS/Azure).
  • Monitor the implementation of risk mitigation plans and follow up with relevant departments to ensure timely closure of issues.
  • Participate in governance forums and act as a liaison to internal committees (e.g., Risk Management Department, Data Governance Office, etc.) on matters relating to IT risk and security governance.
  • Prepare reports, presentations, and dashboards on cybersecurity risk posture, incidents, and remediation progress for internal stakeholders and management.
  • Contribute to the development and refinement of IT security governance frameworks, policies, and procedures.

JOB REQUIREMENTS

  • Possess a Bachelor's Degree in Computer Science/Information Technology, Cybersecurity or equivalent qualification from an accredited higher learning institution.
  • At least 7 years of relevant working experience in IT security, risk management, or cybersecurity risk management and advisory.
  • Proficiency in technology and cyber risk frameworks (e.g. BNM’s RMiT, NIST RMF, CIS, MITRE ATT&CK) and risk quantification (e.g. FAIR, NIST SP 800-37, ISO 27001).
  • Excellent analytical thinking, communication, and stakeholder engagement skills.
  • Experience coordinating with cross-functional teams on security governance and compliance efforts.
  • Professional certifications such as CISM, CISSP, CRISC, or equivalent are highly desirable.
  • Malaysian citizen.
  • Obtain a pass in Bahasa Melayu, including an oral test, at Sijil Pelajaran Malaysia (SPM) level or an equivalent qualification recognised by the Government.

JOB STATUS

Permanent

PLACEMENT

Cybersecurity Risk Unit, Risk Management Advisory I Section, Risk Management Department

All applications are strictly CONFIDENTIAL and only shortlisted candidates will be called in for interview. Applications are deemed UNSUCCESSFUL if there is no feedback from the EPF 2 MONTHS after the closing date of the advertisement.
