Information Security Governance & Compliance Lead

Pacific Comnet (M) Sdn Bhd

Kuala Lumpur

On-site

MYR 200,000 - 250,000

Full time

14 days ago

Job summary

A leading cybersecurity firm in Kuala Lumpur is seeking an Information Security Governance & Compliance Lead. The successful candidate will oversee ISO27001:2022 certification programs, establish ISMS documentation, and govern risk assessment processes. Key responsibilities include managing compliance with regulatory requirements and ensuring effective governance frameworks are in place. This role is ideal for candidates with robust experience in information security leadership.

Qualifications

  • Experience leading compliance programs in information security.
  • Knowledge of ISO27001:2022 standards and requirements.
  • Familiarity with ITIL frameworks and service management.

Responsibilities

  • Oversee ISO27001:2022 certification programs.
  • Establish and maintain ISMS documentation.
  • Govern the enterprise risk assessment process.
  • Report compliance status and risks to senior leadership.

Skills

ISO27001:2022 certification
Risk assessment
Compliance monitoring
Change Management
Incident Management
Job description
Information Security Governance & Compliance Lead
Certification & Compliance Governance
  • Oversee Pacific Internet’s ISO27001:2022 certification program and surveillance audits.
  • Govern Acclivis’ transition from ISO27001:2015 to ISO27001:2022.
  • Act as liaison with certification bodies and external auditors.
ISMS Governance & Documentation
  • Establish, review, and maintain ISMS documentation (policies, procedures, SOPs, SoA).
  • Ensure alignment of ISMS with ISO27001:2022 requirements across both entities.
  • Monitor and enforce compliance with customer, contractual, and regulatory requirements.
Risk & Assurance Management
  • Govern the enterprise risk assessment and treatment plan process.
  • Track remediation and closure of audit findings, vulnerabilities, and compliance gaps.
  • Provide assurance to customer security due-diligence requests.
ITIL Service Management Governance
  • Oversee integration of ISO27001 requirements into ITIL processes:
      • Change Management – security risk evaluation in change approvals.
      • Incident Management – incident classification and escalation under ISMS.
      • Problem Management – root cause governance to prevent recurring failures.
      • Service Request Management – secure onboarding, offboarding, and access governance.
Governance Committees & Structures
  • Establish and chair the Information Security Steering Committee (ISSC) to oversee ISMS performance, risks, and improvements.
  • Facilitate a Risk & Compliance Committee for risk treatment and audit follow-up.
  • Ensure security participation in the Change Advisory Board (CAB) to align ITIL changes with ISO27001 governance.
  • Document all committee activities (agenda, minutes, actions, follow-up).
  • Govern delivery of ISO27001/security awareness training.
  • Report ISMS performance, compliance status, and risks to senior leadership.
  • Foster a culture of governance, accountability, and continuous improvement.
Application & Additional Information

Application questions:

  • Which of the following statements best describes your right to work in Malaysia?
  • What's your expected monthly basic salary?
  • Which of the following types of qualifications do you have?
  • How many years' experience do you have as a Compliance Lead?
