Role & Responsibilities:
Technology and Cybersecurity Risk Governance
- Assist in maintaining the technology risk governance framework and supporting the achievement of relevant certifications.
- Support compliance activities with Bank Negara Malaysia's RMiT policy and other regulatory requirements.
- Contribute to the development and review of IT and Cybersecurity Risk Appetite statements and governance strategies.
- Provide governance and controls oversight for technology and cybersecurity issues and risks.
- Support the coordination of the Information Security Working Committee and related governance forums.
Technology and Cybersecurity Risk Management
- Lead and execute periodic control assessments and risk assessments, ensuring comprehensive coverage of all critical technology and cybersecurity domains.
- Document, track and report on risk assessment findings, ensuring clear communication of risk exposure and recommended actions to relevant stakeholders.
- Act as the primary risk manager for open risk issues, ensuring all risk commitments are tracked, escalated where necessary, and remediated in a timely and effective manner by risk owners.
- Prepare and report key risk metrics for management review.
- Provide control assurance support, including facilitation of risk assessments, deviations and mitigation plans.
- Assist with internal and external audits, including coordination of control assessments and regulatory compliance.
- Conduct third-party security risk assessments (TPSA) and support supply chain security risk management.
- Track and follow up on audit findings and ensure timely closure.
- Monitor external threat intelligence and escalate emerging risks as needed.
Information Technology and Cybersecurity Policies and Standards
- Assist in reviewing, maintaining and publishing information security policies, standards and procedures.
- Support the approval, training and dissemination of security policies and practices.
- Monitor IT department compliance with cybersecurity policies and controls.
- Recommend updates to policies and procedures to enhance operational efficiency and regulatory alignment.
Requirements:
- Excellent verbal and written English, able to communicate broadly with senior, technical and non-technical audiences
- Good listening, negotiation and interpersonal skills
- Ability to work independently and, at the same time, as a team player
- Bachelor's degree (preferably in IT) in computer science, computer engineering, information systems or a related study, or equivalent.
- Must have at least 8 years of relevant working experience in managing information and cyber security risks; FI experience preferable, or sufficient work engagement in the financial industry.
- Industry-recognized professional information security certifications, e.g. CISSP, CISA, CISM, CRISC, CGEIT, are an added advantage.
- Solid understanding of operations and technology, including Cloud. Direct and mature experience will be an added advantage.
- Good understanding of the insurance business domain and its critical success factors.
- Strong conceptual and analytical mindset, supported by the ability to amass and integrate diverse information from various sources into technology and cybersecurity risk conclusions and recommendations.
- Strong sense of resourcefulness in sourcing data and meticulous in detailed analysis, besides the dexterity to learn and assimilate the multitude of disciplines in IT and business functions.
- Ability to develop a comprehensive understanding of the business, market and industry, and relate that knowledge to identified operations- and IT-related risks
- Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes
- Has in-depth understanding of business risk, IT governance, enterprise risk management, information security and local regulatory compliance requirements.
- Must have experience engaging and interacting with the financial regulator (BNM).
- Results-driven with strategic qualities.
- High degree of integrity, responsibility and ability to work with little supervision
Required Experience:
IC