SENIOR/JUNIOR INFORMATION SECURITY CONSULTANT (GOVERNANCE, RISK AND COMPLIANCE)

This position contributes to the success of wizlynx group by performing the following:

• Responsible for development and operational activities across the entire scope of our clients Security Governance, Risk and Compliance programs.
• The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in our clients computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients IT management.
• Serve as the primary contact point for issue escalation
• Manage service support requirements and ensure that quality plan, KPIs/SLAs are met
• Draft support SOP and documentation
• Models and acts in accordance with wizlynx group guiding principles

With this position, you will also have the opportunity to get introduced to different areas of information and cyber security such as Offensive Security & Penetration Testing

Summary of Key Responsibilities

• Leads IT control assessments for our clients to ensure effective IT controls are in place to meeting operational and compliance requirements.
• Works with our clients IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry.
• Develops Vendor Risk Management policies and supports client’s risk profile assessment for vendor on-boarding process and conducts annual review of critical vendors.
• Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews.
• Effectively reports and communicates testing results to client’s IT management for corrective action, where required.
• Conducts information security awareness training.
• Performs evidence collection and project management assistance of our clients annual compliance (e.g. CREST, PCI DSS) certification program.
• Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place.
• Assist our clients with drafting and maintaining information security policies
• Provides mentoring for other team members.
• Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services.
• Facilitates the performance and testing of our client’s annual disaster recovery tests and business continuity plans.

Summary of Ideal Experience, Skills, Knowledge, and Abilities

Ideal Experience

a) Senior GRC role:

A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred.

b) Junior GRC role:

One to two years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred.

• Strong understanding of and ability to provide security configuration and testing of networking and operating systems including TCP/IP, WAN/LAN routing, VLAN architecture, and a wide array of large-scale environments including various major web application servers
• Strong understanding of information security principles such as ISO 27001, BNM GPIS, MAS TRM PCI-DSS, PDPA, and other regulatory compliance

Language Skills

• Fluent technical English (speech and writing)
• Ability to communicate clearly and concisely, both orally and in writing, in local language

Soft Skills

• Excellent team leadership, team oriented and team player who takes ownership
• Flexible attitude, reliable, action oriented
• Customer friendly approach and appearance
• Willingness to travel
• Innovative to push new ideas, dynamic and forward looking with clear management principle towards the team
• Able to work independently, critical thinking and be able to communicate effectively with the support team and customers
• Enjoys working in global team with different cultures

Technical Skills and Abilities

• Microsoft OS and Office knowledge
• Technical document writing
• Experience in Project Management in IT
• Knowledge in perimeter firewall infrastructure and VPN remote access

Summary of Education

• Bachelor's degree from an accredited college/university in an appropriate field

Certifications / Training

• CISM, CISA, CRISC, CISSP certified

Key Performance Indicators / Measures of Success

• Achieve agreed targets/SLA/KPI in terms of quality, time and cost
• Lead team members to achieve team/organizational goals
• Improve and retain high customer satisfaction
• Advance to higher business development tiers or geographic reach

Salary match Number of applicants Skills match

Computer Software & Networking 51-100 employees

Headquartered in Switzerland, wizlynx group is a global IT company, employing more than 140 highly skilled IT associates and serving more than 1000 clients. Our vision is to be a best-in-class global IT company, enabling customers to focus on their core business by providing them high- quality, value added, innovative and secure managed services.

Wizlynx is an IT service provider with extensive experience in infrastructure and network security solutions, which complement our high level of competency in Information Security, Quality & Project Management for enterprise IT organizations. With numerous credentials and extensive experience in the pharmaceutical, banking, insurance, telecom, nutrition, and IT industries, wizlynx can readily provide regulated industry sectors with the following portfolio of services:

Project, Quality, Engineering and IT Security Competence Centers Innovation, implementation, and instantiation of solutions 24/7 Operational Competence Centers for Access & Authentication, Extranet & Firewall And, with a standardized set of core processes, our functional areas are able to share technology, services and administrative functions, enabling a more efficient and effective workforce.

Headquartered in Switzerland, wizlynx group is a global IT company, employing more than 140 highly skilled IT associates and serving more than 1000 clients. Our vision is to be a best-in-class global IT company, enabling customers to focus on their core business by providing them high- quality, value added, innovative and secure managed services.

Wizlynx is an IT service provider with extensive experience in infrastructure and network security solutions, which complement our high level of competency in Information Security, Quality & Project Management for enterprise IT organizations. With numerous credentials and extensive experience in the pharmaceutical, banking, insurance, telecom, nutrition, and IT industries, wizlynx can readily provide regulated industry sectors with the following portfolio of services:

Project, Quality, Engineering and IT Security Competence Centers Innovation, implementation, and instantiation of solutions 24/7 Operational Competence Centers for Access & Authentication, Extranet & Firewall And, with a standardized set of core processes, our functional areas are able to share technology, services and administrative functions, enabling a more efficient and effective workforce.

Perks and benefits Medical Dental Vision Performance Bonus, Overtime Pay, EPF/KWSP, Annual

To help fast track investigation, please include here any other relevant details that prompted you to report this job ad as fraudulent / misleading / discriminatory.

Researching careers? Find all the information and tips you need on career advice.