Senior Information Security Management Specialist - Remote in Malaysia

Near Shore Cyber

Malaysia

Hybrid

MYR 120,000 - 160,000

Full time

Yesterday

Job summary

A global data center provider is seeking a Senior Information Security Management Specialist in Kuala Lumpur who will own and mature the Information Security Management System (ISMS). This role entails responsibilities spanning security governance, risk management, and compliance oversight using automation and AI tools. Candidates should have 8–10+ years in cybersecurity with a strong focus on ISO 27001 and risk management. A hybrid work model is available, offering a competitive salary and growth opportunities.

Benefits

Competitive salary
Growth opportunities
Flexible work model

Qualifications

  • 8–10+ years of experience in information security or cybersecurity with a focus on governance and risk management.
  • Demonstrated experience with ISO 27001 ISMS (design, implementation, certification).
  • Experience leading remote and distributed teams.

Responsibilities

  • Own and mature the Information Security Management System (ISMS) for data centers.
  • Lead security risk assessments and maintain a prioritized risk register.
  • Plan and support internal and external audits and certifications.

Skills

Governance, risk management
ISO 27001 expertise
AI-enabled tools usage
Communication and stakeholder influence

Education

8–10+ years in information security
Experience with ISO/IEC 27001 certifications

Tools

Vulnerability management tools
GRC platforms with AI features

Job description

SENIOR INFORMATION SECURITY MANAGEMENT SPECIALIST

Location: Kuala Lumpur, Malaysia (Remote/Hybrid)

Reports to: Senior Director, Information Security

Business: Global Data Centers

ROLE SUMMARY

Our client, a global data center provider, is hiring a Senior Information Security Management Specialist to own and mature the Information Security Management System (ISMS) across multiple frameworks, including ISO 27001, NIST, PCI DSS, GDPR and NIS2.

This is a senior governance, risk and compliance role with clear responsibility for ISMS operations, risk management, audit and vulnerability oversight. The successful candidate will use automation and AI‑enabled tools to scale the security program rather than relying on manual effort alone. This is not a SOC analyst role; it is a senior GRC/ISMS leadership position.

KEY RESPONSIBILITIES
1) Security Governance and ISMS Ownership
  • Own the ISMS for the data center environment and keep it aligned with ISO 27001, NIST and internal policies
  • Maintain and continuously improve the security policy, standard and procedure library
  • Use AI‑assisted tools (policy assistants, regulatory mapping, documentation automation) to speed up updates and improve consistency
2) Risk Management and Systems Authorization
  • Lead security risk assessments for key systems, projects and suppliers and maintain a prioritized risk register
  • Support “authorization to operate” decisions by providing structured risk analysis and evidence against standards and regulations
  • Use dashboards and AI‑enabled analytics to surface top risks, trends and control gaps for senior leadership
3) Audit, Certification and Regulatory Gap Assessments
  • Plan, coordinate and support internal and external audits, including ISO 27001 certification and customer assessments
  • Run regulatory and framework gap assessments across ISO 27001, NIST, PCI DSS, GDPR, NIS2 and similar regimes, with clear remediation plans
  • Use automation and AI (for example, document summarization and intelligent sampling) to assemble evidence packs and track findings
4) Vulnerability and Technical Risk Oversight
  • Govern the vulnerability management program: define scope, SLAs, escalation and reporting; ensure the process goes beyond scanning and drives real remediation
  • Partner with infrastructure and application teams to translate technical findings into clear business impact and remediation actions
  • Use AI‑driven tools to combine vulnerabilities, asset criticality and threat intelligence into risk‑based remediation priorities
5) Security Awareness and Culture
  • Own the security awareness agenda: define the annual plan, run targeted campaigns and measure impact via metrics such as phishing results, training completion and policy understanding
  • Educate teams on safe and compliant use of AI, including data handling, prompt hygiene, shadow AI risk and regulatory alignment
  • Work with HR, Legal and Engineering to embed security and AI risk expectations into onboarding, objectives and leadership communications
6) Data and AI Use in Security
  • Champion responsible use of AI across the security program, ensuring confidentiality, integrity and compliance when using AI tools and platforms
  • Help define guardrails for enterprise AI use (what data can be shared, how outputs are validated, how misuse is detected and managed)
  • Evaluate AI‑enabled security products (GRC automation, continuous control monitoring, anomaly detection, etc.) and recommend adoption where they improve effectiveness or efficiency
7) Stakeholder Engagement and Leadership
  • Act as a key point of contact for technology, operations, compliance, legal, internal audit and major customers
  • Present risk posture, audit status and remediation progress in concise, business‑oriented language to senior stakeholders
  • Mentor junior security and GRC staff, including nearshore and remote team members, to build a strong pipeline of talent
REQUIRED EXPERIENCE AND SKILLS
  • 8–10+ years of experience in information security or cybersecurity with a strong focus on governance, risk and ISMS management
  • Demonstrated experience running or heavily contributing to an ISO 27001 ISMS (design, implementation, certification or surveillance audits)
  • Advanced familiarity with:
    • ISMS operations, audits and gap assessments
    • Risk registers, mitigation plans and risk reporting
    • Security awareness and cultural change programs
  • Proven ability to operate in complex multi‑regulatory environments, ideally with exposure to NIST, PCI DSS, GDPR and NIS2
  • Practical experience with vulnerability management tools and processes (governance and oversight, not just scanning)
  • Comfortable using AI‑enabled and automated tools (policy assistants, GRC platforms with AI features, analytics dashboards or security “copilots”)
  • Strong communication skills and the ability to influence senior technical and non‑technical stakeholders
  • Experience leading or coordinating remote and distributed teams is preferred
PREFERRED CERTIFICATIONS
  • ISO/IEC 27001 Lead Auditor or Lead Implementer
  • One or more of: CISM, CISSP, CISA
  • Additional credentials in risk, cloud security, or privacy are a plus