
Information Security Governance, Risk & Compliance (GRC) Executive

SMJ Teratai

Kuala Lumpur

On-site

MYR 80,000 - 120,000

Full time


Job summary

A prominent cybersecurity firm based in Kuala Lumpur is seeking an experienced Information Security Governance, Risk & Compliance (GRC) Executive. The role focuses on developing risk management frameworks, performing risk assessments, and leading incident response efforts. Ideal candidates should have over 5 years of IT audit experience, a Bachelor's degree, and relevant professional certifications. This position offers an opportunity to strengthen the organization’s security posture in a dynamic environment.

Qualifications

  • At least 5 years of experience in IT audits and risk assessment.
  • Experience with ISO 27001, NIST frameworks, and security policy development.
  • Excellent written English and interpersonal skills.

Responsibilities

  • Develop and maintain the Technology Risk Management and Cyber Resilience Frameworks.
  • Conduct compliance assessments with regulatory requirements.
  • Lead incident response efforts in the event of a security breach.

Skills

IT audits
risk assessment
incident response
security policy development
vendor risk assessments
communication

Education

Bachelor’s Degree or equivalent
Professional certification (CISSP, CISM, CISA, CEH, CompTIA Security+)

Tools

SIEM
endpoint protection
DLP
IDS/IPS

Job description
Information Security Governance, Risk & Compliance (GRC) Executive

i. Develop and maintain the Technology Risk Management Framework (TRMF) and Cyber Resilience Framework (CRF) via the following:

  • Assist in developing risk mitigation strategies and formulating enhancements to the TRMF and CRF, so that the framework remains relevant in identifying and mitigating significant risks to the achievement of business objectives.
  • Assess and regularly analyze IT risks by evaluating the impact and likelihood of identified IT risks, and prioritize them through maintenance of the IT risk registers.
  • Develop and enforce disaster recovery and business continuity plans to address potential cybersecurity incidents.

ii. Perform analysis and risk assessment of proposed new products/new IT vendors to ensure new initiatives/vendor appointments commence in a manner that minimizes risk to the organization.

iii. Conduct assessment on the Company’s compliance with relevant regulatory requirements and policies.

iv. Collaborate with cross‑functional teams to integrate security measures into all aspects of the organization’s infrastructure, and ensure compliance with industry regulations and internal policies.

v. Enforce risk evaluations of third‑party IT outsourcing service providers (OSPs) and ensure appropriate due diligence is performed to identify, mitigate, and maintain ongoing awareness of risks to the Company resulting from IT OSPs.

vi. Provide guidance on the secure design, development, and deployment of new systems and applications.

Part B: Security Awareness
  • Enforce cyber hygiene training and ensure that the trainings are adequately conducted at relevant levels/departments.
  • Analyze and assess relevance and impact of cyber threat alerts received, and prepare reports and recommend remedial/mitigation measures where relevant.
  • Stay up to date with the latest trends, technologies, and threats in the cybersecurity field.
  • Recommend and implement security improvements, leveraging emerging technologies to strengthen the organization’s security posture.
Part C: Incident Response and Crisis Management
  • Lead incident response efforts in case of a security breach or cyberattack, ensuring effective resolution and communication.
  • Coordinate with cross‑functional teams and third‑party service providers to provide timely and effective cyber incident responses.
  • Post-incident, lead efforts to identify root causes, implement corrective actions, and prevent future occurrences.
REQUIREMENTS:
  • Experience in performing IT audits and risk assessment assignments for at least 5 years.
  • Experience developing, implementing, and reviewing security policies, risk assessments, and frameworks (ISO 27001, NIST, etc.).
  • Hands‑on work in incident response, vulnerability management, or Security Operations Centre (SOC) environments (experience leading Incident Response (IR) playbooks is a plus).
  • Experience dealing with audits and regulators (especially BNM, if local), understanding of RMiT, PCIDSS, or GDPR.
  • Worked on or led ISO 27001 certification/maintenance.
  • Familiarity with SIEM, endpoint protection, DLP, IDS/IPS, etc.
  • Reviewed contracts and SLAs, managed vendor risk assessments.
  • Participated in secure software development or secure system implementation projects.
  • Excellent written English and interpersonal skills, a team player and communicator, and a self‑starter.
  • Bachelor’s Degree (or equivalent) and above.
  • Professional certification (such as CISSP, CISM, CISA, CEH or CompTIA Security+ or equivalent).
