
IT Security Governance and Risk Management Senior Analyst

EPF Malaysia

Petaling Jaya

On-site

MYR 80,000 - 120,000

Full time

3 days ago

Job summary

A government agency in Malaysia is seeking a professional for a Security Governance role to enhance cybersecurity governance through risk assessments and advisory services. Candidates must have a Bachelor's degree in relevant fields and 6–9 years of experience in IT security or risk management. The position demands strong analytical skills, and professional certifications like CISM or CISSP are advantageous.

Qualifications

  • Minimum 6–9 years of experience in IT security, risk management, or cybersecurity advisory roles.
  • Strong understanding of information security principles and risk assessment methodologies.
  • Professional certifications like CISM, CISSP, or CRISC are desirable.

Responsibilities

  • Provide expert-level IT security advisory for business initiatives.
  • Review and assess IT change requests and vendor solutions for security risks.
  • Lead planning and execution of cybersecurity simulation exercises.
  • Monitor risk mitigation plans and ensure issue closures.

Skills

Analytical thinking
Communication skills
Stakeholder engagement

Education

Bachelor's Degree in Computer Science/IT/Cybersecurity

Tools

ISO 27001
NIST
CIS
Job description
JOB SUMMARY

This position will be reporting to the Head of Security Governance & Risk Management Section and will function under the Advisory & Governance Unit.

Support and strengthen cybersecurity governance through comprehensive risk assessments, in-depth advisory services, and proactive engagement with key stakeholders to ensure compliance with internal policies and regulatory standards.

JOB RESPONSIBILITIES
  • Provide expert-level IT security advisory for business initiatives, systems implementations, and operational processes to ensure alignment with security policies and risk appetite.
  • Review and assess IT change requests, vendor solutions, technology initiatives and third-party controls for security risks and recommend mitigation strategies.
  • Lead the planning, execution, and analysis of cybersecurity simulation exercises (e.g., phishing, smishing) to test and enhance organizational readiness.
  • Monitor the implementation of risk mitigation plans and follow up with relevant departments to ensure timely closure of issues.
  • Participate in governance forums and act as a liaison to internal committees (e.g., Risk Management Department, Data Governance Office) on matters relating to IT risk and security governance.
  • Prepare reports, presentations, and dashboards on cybersecurity risk posture, incidents, and remediation progress for internal stakeholders and management.
  • Contribute to the development and refinement of IT security governance frameworks, policies, and procedures.
  • Mentor and support junior analysts in risk assessment and advisory functions.
JOB REQUIREMENTS
  • Malaysian citizen.
  • A pass in Malay Language, including the oral test, at Sijil Pelajaran Malaysia (SPM) level.
  • Possess a Bachelor's Degree in Computer Science/Information Technology, Cybersecurity or equivalent qualification from accredited higher learning institutions.
  • Minimum 6–9 years of experience in IT security, risk management, or cybersecurity advisory roles.
  • Strong understanding of information security principles, risk assessment methodologies, and regulatory frameworks (e.g., ISO 27001, NIST, CIS).
  • Excellent analytical thinking, communication, and stakeholder engagement skills.
  • Experience coordinating with cross-functional teams on security governance and compliance efforts.
  • Professional certifications such as CISM, CISSP, CRISC, or equivalent are highly desirable.
JOB STATUS

Permanent

All applications are strictly CONFIDENTIAL and only shortlisted candidates will be called in for an interview. Applications are deemed UNSUCCESSFUL if there is no feedback from the EPF 2 MONTHS after the closing date of the advertisement.
