IT Security & Compliance Manager (PCI-DSS / ISO 27001)

EPS Malaysia

Kuala Lumpur

Hybrid

MYR 200,000 - 250,000

Full time

2 days ago

Job summary

A prominent IT consulting firm in Kuala Lumpur seeks an IT Security & Compliance Manager. The role involves managing security operations, ensuring compliance with PCI DSS and ISO standards, and working with cross-functional teams. Ideal candidates will have significant IT experience and strong communication skills. This position offers a dynamic work environment with opportunities for growth and learning.

Qualifications

  • 8-10 years of IT industry experience, with at least 5 years in IT Security & Compliance.
  • Self-motivated, able to work independently and as part of a team.
  • Domain knowledge in PCI DSS and experience with IT operations/SOC tools is a plus.

Responsibilities

  • Manage operational IT Security for a financial service.
  • Drive analysis and handling of security vulnerabilities.
  • Establish compliance with PCI DSS and ISO/IEC standards.

Skills

  • Knowledge of baseline controls
  • Experience with external auditors
  • Strong communication skills
  • Broad understanding of security technology

Job description
IT Security & Compliance Manager (PCI-DSS / ISO 27001)

Working hours: Mon-Fri, 9am-6pm (WFH once confirmed)

Industry: IT Consulting Solutions

Responsibilities
  • Manage operational IT Security for a high-availability financial service, handle reporting and improvement, and assist in audits and training.
  • Drive analysis and handling of security vulnerabilities and incidents.
  • Establish, maintain and review compliance with Operational Security processes and procedures, and monitor adherence.
  • Establish, maintain and review strict access control to information and IT systems according to business needs and access policies.
  • Perform Access Management activities (grant, change and revoke access privileges).
  • Establish and maintain an environment that complies with PCI DSS, ISO/IEC 27001/27002, and other applicable security standards and baselines.
  • Monitor and manage security controls (system settings, logs, alerts, audit trails, authentication events, attempts, violations, faulty logons, lockouts, etc.).
  • Collaborate with clients, application and infrastructure owners to apply and implement security changes/solutions (e.g., protection concepts, security specifications, architecture and design, security assessment).
  • Contribute to Security Operation Center (SOC) tools, maintenance and operations support.
Preferred Skills
  • Knowledge of baseline controls including environmental controls, application general controls, third-party access controls and legal/regulatory controls.
  • Experience working with external auditors on ISAE 3402, PCI-DSS, and other mandatory standards; familiarity with ISO/IEC 27001 family.
  • Maintaining mandatory standards (health and safety) and ISO/IEC 27001:2005/27002:2005/27005:2008 when applicable.
  • Self-starter with ability to work autonomously and willingness to learn and explore compliance and IT security.
  • Strong written and verbal communication; ability to interact with internal/external stakeholders, auditors and cross-functional teams.
  • Broad understanding of security technology, IT security standards and compliance.
Qualifications
  • Overall 8-10 years of IT industry experience, with at least 5 years in IT Security & Compliance.
  • Self-motivated, able to work independently and as part of a team.
  • Nice to have: domain knowledge in payments (PCI DSS, PCI PA-DSS), security standards, IT security and assurance, SIEM, and experience with IT operations/SOC tools.
Application questions
  • Which statement best describes your right to work in Malaysia?
  • What is your expected monthly basic salary?
  • How much notice are you required to give your current employer?