Head of Information Security

Closing Date : 30/09/2025

Life at U Mobile

We are Passionate, Innovative, Trustworthy, Team-Oriented & Fun-Loving.

At U Mobile, we are always on the lookout for great talents and passionate individuals to join our growing team.
Let’s start your journey with an award-winning organization!

#UnbeatableCareerAwaits

Top Reasons To Join Us!
• Awarded For
o Most Preferred Employers in Telecommunication Industry (2022, 2023 & 2024)
o Bronze Winner in Cross-Generational Workforce Engagement (2024)
o Gold Winner for Excellence in Workplace Culture (2021)
• Comprehensive medical, dental, optical and insurance benefits
• Flexi working hours arrangements
• Staff Line & Device Subsidy
• Smart Casual Attire
• Child Parental Care Leave
• Convenient location with access to public transport (Imbi Monorail/Bukit Bintang MRT)
• Special employee discounts for selected F&B Brands

Job Summary

• As the Head ofInformation Security, you will be responsible for protecting the integrity,confidentiality, and availability of our information systems, networks, andcustomer platforms across the enterprise, wholesale, and retail businesses. Thisrole will lead the company's cybersecurity strategy, governance, riskmanagement, operations, and incident response efforts in close collaborationwith the existing cybersecurity team and business units. You will formulate andimplement security strategies aligned with the company’s technology vision andenterprise risk management objectives, supporting our ambitions to growsecurely and responsibly across all segments.

Job Summary

• As the Head ofInformation Security, you will be responsible for protecting the integrity,confidentiality, and availability of our information systems, networks, andcustomer platforms across the enterprise, wholesale, and retail businesses. Thisrole will lead the company's cybersecurity strategy, governance, riskmanagement, operations, and incident response efforts in close collaborationwith the existing cybersecurity team and business units. You will formulate andimplement security strategies aligned with the company’s technology vision andenterprise risk management objectives, supporting our ambitions to growsecurely and responsibly across all segments.

• Cybersecurity Strategy & Frameworks
• Lead the development and execution of the company’s cybersecurity strategy aligned to Enterprise Risk Management (ERM), Technology Risk Management Framework (TRMF), and Cyber Resilience Framework (CRF).
• Drive cybersecurity maturity programs based on NIST Cybersecurity Framework or similar standards.

• Security Governance & Policies
• Oversee the establishment of cybersecurity policies, procedures, and standards to protect products and services across enterprise, wholesale, and retail segments.
• Ensure compliance with regulatory requirements, industry best practices, and internal governance frameworks.

• Risk Management & Security Architecture
• Assess and manage technology and cyber risks enterprise wide.
• Ensure that information security architecture and roadmaps support both business objectives and security needs.
• Define cybersecurity risk appetite, tolerance levels, and Key Risk Indicators (KRIs).

• Security Operations & Monitoring
• Oversee threat management, detection, and response operations.
• Ensure effective use of tools and practices to detect and respond to cyber threats (e.g., malware, phishing, hacking).

• Incident Management & Response
• Develop, maintain, and execute the Cyber Incident Response Plan (CIRP).
• Coordinate incident responses, forensic investigations, and recovery efforts following cyberattacks.

• Product & Technology Enablement
• Advise technology and product teams on secure-by-design principles for new initiatives including cloud adoption, AI/ML applications, and emerging technologies.

• Compliance, Audit & Reporting
• Review and monitor penetration testing, vulnerability assessments, and internal/external audits.
• Liaise with regulators, auditors, and Board Committees on cybersecurity issues and audit results.
• Ensure timely reporting of cybersecurity incidents to senior management, Group Information Security, Board Committees, and regulators.

• Stakeholder Management
• Working with MCMC and NACSA. Key to ensure we are in the loop and able to access key stakeholders.
• Key internal stakeholders would be Audit Committee for regular reporting and updates of the plan and progress
• General industry to ensure organization are respected and building a credible brand in the Information Security angle.

• Leadership & Talent Development
• Lead and mentor cybersecurity team members.
• Foster a strong cybersecurity culture across the organization.
• Drive professional and personal development of the team through coaching, training, and upskilling initiatives.

About You

• Minimum 10+ years of experience in information security management, cybersecurity operations, or related functions.
• Bachelor’s or Master’s Degree in Information Technology, Computer Science, Cybersecurity, or related fields.
• Prior leadership experience in a telecommunications or technology-driven environment, covering enterprise, wholesale, and retail businesses.
• Proven experience with cybersecurity frameworks (NIST, ISO 27001, etc.), risk management, and incident management.
• Deep knowledge of telecommunications networks, IT infrastructure, and cybersecurity technologies.
• Strong understanding of cloud security, application security, and data privacy regulations.
• Demonstrated ability to balance security needs with business enablement.
• Excellent stakeholder management, communication, and leadership skills.
• Professional certifications such as CISSP, CISM, CISA, or equivalent are highly desirable.

What’s Next ?
Once you have applied online, our team will review your application and due to a high volume of applications, only shortlisted candidates will be notified.