Job description:
Responsibilities:
Governance & Compliance:
- Develop, implement, and maintain security policies, procedures, and standards in line with industry best practices (ISO 27001, NIST, CIS, etc.).
- Ensure compliance with regulatory requirements (MAS TRMG, CCoP).
- Assist in internal audits and security assessments to identify gaps and recommend corrective actions.
- Support third-party risk assessments and vendor security compliance.
Risk Management:
- Conduct risk assessments and identify potential security threats, vulnerabilities, and mitigation strategies.
- Develop and maintain a security risk register, tracking risk treatment plans and progress.
- Monitor emerging security threats and ensure proactive risk management strategies.
- Assist in business continuity and disaster recovery planning related to security risks.
Security Awareness & Training:
- Develop and deliver security awareness training programs for employees.
- Promote a culture of security by advising stakeholders on best practices.
Required Qualifications & Skills:
- Bachelor's degree in Cybersecurity, Information Security, IT, or a related field.
- 3+ years of experience in security governance, risk management, and compliance.
- Knowledge of industry security frameworks (NIST, etc.).
- Familiarity with regulatory requirements (MAS, CCoP).
- Experience with risk assessments, cybersecurity audits and compliance monitoring.
- Strong analytical and problem-solving skills.
- Excellent communication and stakeholder management skills.
- Relevant certifications such as CISSP, CISA or CRISC
