Enable job alerts via email!
Senior IT Risk & GRC Specialist
PowTech Solution (M) Sdn. Bhd
Selangor
On-site
MYR 80,000 - 110,000
Full time
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A technology solutions company in Malaysia is seeking a Senior Risk Management Specialist. This role involves conducting IT and cyber risk assessments, managing technology risks, and collaborating with IT, Security, and Audit teams. The ideal candidate should have a Bachelor's degree, at least 5 years of relevant experience, and proficiency in risk management frameworks like ISO 27001 and NIST. Strong communication skills and the ability to work independently in a dynamic setting are essential.
Qualifications
- At least 5 years of hands-on experience in IT Risk Management or related fields.
- Professional certifications such as CISA, CRISC, or CISSP are preferred.
- Excellent communication skills in English.
Responsibilities
- Perform IT, cyber, and application risk assessments.
- Identify and document technology and security risks.
- Prepare risk reports and management presentations.
Skills
Education
Tools
The Senior Risk Management Specialist is responsible for hands‑on execution of IT and cyber risk activities. The role works closely with IT, Security, Audit, and business stakeholders to identify, assess, and manage technology risks in line with group standards.
This is an individual contributor role. The position does not involve people management and requires strong independence and ownership.
- Perform IT, cyber, and application risk assessments
- Identify, assess, and document technology and security risks
- Maintain and update risk registers, risk ratings, and mitigation plans
- Support IT audit activities, including audit preparation, response, and remediation tracking
- Review effectiveness of IT and application controls
- Coordinate with IT, Security, Internal Audit, and business stakeholders
- Prepare risk reports, dashboards, and management presentations
- Support risk reviews, workshops, and governance forums
- Ensure alignment with group risk policies, standards, and frameworks
- Participate in incident analysis and post‑event reviews when required
- Strong experience in IT Risk Management, Cyber Risk, or GRC
- Hands‑on exposure to application risk assessment and IT controls
- Good understanding of IT audit processes
- Strong stakeholder management, communication, and coordination skills
- Able to translate technical risks into business‑impact language
- Comfortable working independently and managing multiple priorities
- Structured, analytical, and detail‑oriented
- Able to work under pressure in a regional environment
- Bachelor’s Degree in Information Technology, Cyber Security, Risk Management, Computer Science, Engineering, or related discipline
- At least 5 years of hands‑on experience in IT Risk Management, Cyber Security Risk, Application Risk Assessment, or IT Audit / Technology Controls
- Experience working in MNC or regional APAC environments is preferred
- Familiarity with ISO 27001, ISO 31000, NIST, and COBIT frameworks
- Exposure to GRC tools or structured risk platforms is an advantage
- Professional certifications is a big plus, including CISA, CRISC, CISSP (risk or governance focus), ISO 27001 Lead Implementer or Lead Auditor, and CIA
- Excellent communicator in English with strong interpersonal skills
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
