Infrastructure Information Security Manager


Job Location:

Kuala Lumpur - Malaysia

Monthly Salary: MYR 16000 - 20000
Experience Required: 5years
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Position Summary
We are seeking an experienced Infrastructure Information Security Manager to lead govern and continuously enhance the security posture of our IT infrastructure for our financial institution. This role pivots away from standard IT operations to focus entirely on infrastructure security architecture threat defense and technology risk. The ideal candidate will balance hands-on security engineering with strategic planning security vendor management and strict adherence to regulatory compliance in a fast-paced highly regulated environment.

Key Responsibilities
Infrastructure Security Architecture & Operations
Own the end-to-end security architecture and defense-in-depth strategy for all enterprise infrastructure: networks servers virtualization cloud (AWS) Microsoft 365 and endpoints.
Design and implement infrastructure security roadmaps aligned with business growth zero-trust principles and digital transformation initiatives.
Establish and maintain comprehensive security monitoring and observability across all infrastructure layers to ensure rapid threat detection and response.
Partner with IT Infrastructure and DevOps teams to ensure security controls are embedded into the lifecycle of all IT assets (Secure by Design) without bottlenecking deployments.

Security Tooling & Controls
Oversee deployment operational health and fine-tuning of EDR solutions on endpoints and servers including containment actions (isolate kill quarantine) and SOC/IR coordination.
Manage and tune Web Application Firewalls (WAF) to protect critical internet-facing applications optimizing rules signatures rate limiting and bot/DoS protections.
Drive the integration of infrastructure and application logs with SIEM platforms ensuring optimal log coverage correlation rules dashboards and actionable alerting for infrastructure threats.
Implement and maintain File Integrity Monitoring (FIM) on critical systems to detect unauthorized changes and provide audit evidence.
Lead cloud security services (especially AWS) configuring IAM security monitoring threat detection compliance checks and workload protection.
Enforce consistent security policies across on-premise and cloud environments using CASB/SASE/ZTNA VPN DNS security DLP email gateways and next-gen network firewalls.
Drive comprehensive vulnerability management across all infrastructure components (OS middleware databases network devices cloud) tracking remediation SLAs with IT ops teams.

Regulatory Risk & Compliance Governance
Ensure infrastructure security controls fully comply with MAS Technology Risk Management (TRM) guidelines Cyber Hygiene notices and internal policies on confidentiality integrity and recoverability.
Act as the primary security liaison with Internal/External Audit Risk and Compliance teams regarding infrastructure security posture access reviews and remediation of audit findings.
Support cyber resilience and business continuity initiatives actively participating in security incident response tabletop exercises and post-incident forensic reviews.

Vendor Contract & Budget Management
Manage relationships with security vendors MSSPs and integrators; conduct regular service reviews track SLAs and drive continuous service improvements.
Negotiate contracts and renewals for security tooling; optimize costs and ensure appropriate support coverage.
Prepare and manage the annual infrastructure security budget (CAPEX/OPEX) tracking spend and reporting forecasts to senior management.

Team Leadership & Stakeholder Engagement
Lead mentor and develop a team of infrastructure security engineers and analysts; define responsibilities set goals and build modern security capabilities.
Act as the primary Information Security point-of-contact for IT Operations and business units; manage escalations and provide clear communication during security incidents.
Drive continuous improvement initiatives in security automation Infrastructure-as Code (IaC) scanning and overall security posture maturity.

Required Qualifications & Experience
Bachelors degree in Cybersecurity Computer Science Information Systems or equivalent.
812 years of progressive experience in Information Security with a strong specialization in infrastructure/cloud security and at least 35 years in a managerial or team lead capacity.
Proven experience working in financial services / banking / other regulated environments in broader APAC region.

Regulatory & Governance
Working knowledge of Singapore financial sector regulatory expectations (e.g. MAS TRM) and privacy requirements (PDPA).
Extensive experience facilitating security audits vulnerability assessments penetration testing and implementing sustainable security fixes.

Soft Skills
Strong leadership people management and coaching skills.
Excellent communication and stakeholder management; able to translate technical cyber risks into clear business language.
Structured process-driven with strong analytical and problem-solving skills.
Able to operate under pressure manage multiple priorities and make sound decisions during time-sensitive security events.

Preferred Qualifications
Professional security certifications are highly desired: CISSP CISM CCSP or equivalent.
Cloud-specific security certifications (e.g. AWS Certified Security - Specialty).
Experience with DevSecOps security automation and Infrastructure-as-Code concepts (Terraform CI/CD pipelines).
Deep familiarity with industry security frameworks and standards (e.g. ISO 27001 NIST CSF CIS Controls).


Working hours:
Mon to Fri 9am - 6pm


Required Skills:

Infrastructure Information Security Manager


Required Education:

degree / diploma

Position Summary We are seeking an experienced Infrastructure Information Security Manager to lead govern and continuously enhance the security posture of our IT infrastructure for our financial institution. This role pivots away from standard IT operations to focus entirely on infrastructure securi...