IT Governance, Risk & Compliance Analyst

Petron Malaysia

Kuala Lumpur

On-site

MYR 60,000 - 80,000

Full time

Today

Job summary

A leading oil company in Asia seeks a skilled professional for an Information Security Governance role. The successful candidate will implement and manage GRC programs, ensuring compliance with regulatory standards like NIST and ISO 27001. The role requires a Bachelor's degree in IT or related fields, 3-5 years of relevant experience, and certification in ISO27001. Join us in making a difference in the oil sector and contributing to our vision for total customer solutions.

Qualifications

  • Minimum 3-5 years’ experience in a similar role.
  • Certified ISO27001:2013/2022.
  • Experience in project coordination for IT projects.

Responsibilities

  • Develop and implement GRC programs.
  • Lead internal and external compliance audits.
  • Maintain the risk register.

Skills

Information Security Management System (ISMS) framework
Compliance and Risk Assessment
IT security technologies and controls
Strong written and verbal communication skills
Time management

Education

Bachelor’s Degree or Diploma in Computing/Information Technology/Computer Security

Tools

NIST standards
ISO 27001
PCI DSS

Job description

At Petron, we are not just in the business of oil, we are also in the business of fueling lives.

Petron Malaysia is an emerging and rapidly evolving Asian oil company. It is part of Petron Corporation, which is the leading oil company in the Philippines. Our integrated refining, distribution, and retailing of world-class petroleum products help meet the country’s growing energy needs and contribute to a more progressive nation.

We are dedicated and passionate about our vision - to be the leading provider of total customer solutions in the oil sector and its allied businesses.

We are seeking dynamic & innovative individuals who have the drive to make a difference & are fueled to succeed!

Job Overview

Responsible for developing, implementing, and managing the organization's Information Security Governance, Risk Management, and Compliance (GRC) programs. Ensure that information security controls, processes, and solutions are clearly defined and effectively implemented, aligning with current business needs and relevant regulatory standards, including NIST CSF, PCI DSS, BNM RMiT, and ISO/IEC 27001 Standards.

Responsibilities

  • Lead and continuously improve information security control policies, procedures, and guidelines in line with regulatory and ISMS requirements and industry best practices.
  • Facilitate periodic reviews of information security control policies, procedures, and guidelines.
  • Promote awareness and publish IT security bulletins on cybersecurity topics.
  • Provide and facilitate training on governance, compliance, risk management, and security-related matters.
  • Develop and implement security policies, procedures, and guidelines for all business entities and users.
  • Regularly update and maintain the risk register within the GRC platform.
  • Develop and maintain change management processes, procedures, and guidelines.
  • Lead and manage internal and external audits, and compliance reviews related to information security.
  • Oversee the lifecycle of all technology changes and manage third-party security assessments.
  • Evaluate and manage third-party risks, generate compliance reports, and assist with budget planning and expenditure compliance.

Qualifications

  • Bachelor’s Degree or Diploma in Computing/Information Technology/Computer Security.
  • Minimum 3-5 years’ experience in a similar role.
  • Certified ISO27001:2013/2022.
  • Knowledge of the Information Security Management System (ISMS) framework, Compliance and Risk Assessment.
  • Knowledge of IT security technologies and controls.
  • Familiar with NIST, ISO 27001, PCI DSS.
  • Experience in developing or implementing IT policies, standards, and procedures.
  • Experience in identification, evaluation, management, and monitoring of risk.
  • Experience in project coordination for IT projects.
  • Ability to investigate security incidents and document findings; candidates must be able to define problems, collect data, establish facts, and draw valid conclusions.
  • Strong written and verbal communication skills.
  • Good time management.

Thank you for your application! We’re delighted by your interest in joining Petron Malaysia and are truly excited about your enthusiasm for the position!

Please note that due to the volume of applications, only shortlisted candidates will be contacted.
