Deputy Manager | Cybersecurity Risk Management

EPF Malaysia

Petaling Jaya

On-site

MYR 200,000 - 250,000

Full time

Yesterday
Job summary

A leading national pension fund is looking for a Cybersecurity Risk Management Advisor to enhance cybersecurity governance and conduct risk assessments. The ideal candidate should possess a Bachelor's degree in IT or Cybersecurity and have at least 7 years of experience in IT security or risk management. Proficiency in various cyber risk frameworks and strong analytical skills are essential. The role involves collaborating with multiple teams and reporting on cybersecurity risk policies.

Qualifications

  • 7+ years of experience in IT security or cybersecurity risk management.
  • Proficiency in cyber risk frameworks and risk quantification methods.
  • Excellent communication and analytical skills.

Responsibilities

  • Research and analyze emerging cybersecurity threats.
  • Develop policies to address security needs.
  • Provide cybersecurity advisory for business initiatives.
  • Review IT change requests and recommend mitigation strategies.
  • Participate in cybersecurity simulation exercises.
  • Partner with SOC team for breach impact assessments.
  • Lead threat modeling and risk scoring.
  • Monitor risk mitigation plans.
  • Liaise with internal committees on IT risk and security governance.
  • Prepare reports on cybersecurity risk posture.

Skills

Analytical thinking
Communication
Stakeholder engagement

Education

Bachelor's Degree in Computer Science/ Information Technology or Cybersecurity

Tools

BNM’s RMiT
NIST RMF
CIS
MITRE ATT&CK
FAIR
NIST SP 800-37
ISO 27001

Job description

JOB SUMMARY
  • This position will be reporting to the Head of Risk Management Advisory 1 Section and will function under the Cybersecurity Risk Management Unit.
  • Support and strengthen cybersecurity governance through comprehensive cybersecurity risk assessments, in‑depth risk advisory services, and proactive engagement with key stakeholders to ensure cybersecurity compliance with internal policies and regulatory standards.
JOB RESPONSIBILITIES
  • Research, monitor and analyse emerging cybersecurity threats and regulatory requirements.
  • Develop, design, and maintain comprehensive policies and guidelines to address security needs and compliance obligations.
  • Provide expert‑level cybersecurity advisory for business initiatives, systems implementations, and operational processes to ensure alignment with security policies and risk appetite.
  • Review and assess IT change requests, vendor solutions, technology initiatives and third‑party controls for security risks and recommend mitigation strategies.
  • Participate in the planning, execution, and analysis of cybersecurity simulation exercises (e.g., phishing, smishing) to test and enhance organizational readiness.
  • Partner with the SOC team on breach impact assessments and remediation action.
  • Lead threat modelling, control gap analysis, and risk scoring for systems/cloud (AWS/Azure).
  • Monitor the implementation of risk mitigation plans and follow up with relevant departments to ensure timely closure of issues.
  • Participate in governance forums and act as a liaison to internal committees (e.g., Risk Management Department, Data Governance Office, etc.) on matters relating to IT risk and security governance.
  • Prepare reports, presentations, and dashboards on cybersecurity risk posture, incidents, and remediation progress for internal stakeholders and management.
  • Contribute to the development and refinement of IT security governance frameworks, policies, and procedures.
JOB REQUIREMENTS
  • Possess a Bachelor's Degree in Computer Science/ Information Technology, Cybersecurity or equivalent qualification from accredited higher learning institutions.
  • At least 7 years of relevant working experience in IT security, risk management, or cybersecurity risk management and advisory.
  • Proficiency in technology and cyber risk frameworks (e.g. BNM’s RMiT, NIST RMF, CIS, MITRE ATT&CK) and risk quantification (e.g. FAIR, NIST SP 800-37, ISO 27001).
  • Excellent analytical thinking, communication, and stakeholder engagement skills.
  • Experience coordinating with cross‑functional teams on security governance and compliance efforts.
  • Professional certifications such as CISM, CISSP, CRISC, or equivalent are highly desirable.
  • Malaysian citizen.
  • Have obtained a pass in Bahasa Melayu, including the oral test, at Sijil Pelajaran Malaysia (SPM) level or an equivalent qualification recognised by the Government.
JOB STATUS

Permanent

PLACEMENT

Cybersecurity Risk Unit, Risk Management Advisory I Section, Risk Management Department

All applications are strictly CONFIDENTIAL and only shortlisted candidates will be called in for interview. Applications are deemed UNSUCCESSFUL if there is no feedback from the EPF 2 MONTHS after the closing date of the advertisement.
