Assistant Manager, IT Security Analyst (Vulnerability Management

Life at U Mobile

We are Passionate, Innovative, Trustworthy, Team-Oriented & Fun-Loving.

At U Mobile, we are always on the lookout for great talents and passionate individuals to join our growing team.

Let's start your journey with an award-winning organization!

#UnbeatableCareerAwaits

Top Reasons To Join Us!

• Awarded For

o Most Preferred Employers in Telecommunication Industry (2022, 2023 & 2024)

o Bronze Winner in Cross-Generational Workforce Engagement (2024)

o Gold Winner for Excellence in Workplace Culture (2021)

• Comprehensive medical, dental, optical and insurance benefits

• Flexi working hours arrangements

• Staff Line & Device Subsidy

• Smart Casual Attire

• Child Parental Care Leave

• Convenient location with access to public transport (Imbi Monorail/Bukit Bintang MRT)

• Special employee discounts for selected F&B Brands

Role

The Day-To-Day Activities

Vulnerability Management

• Own the end-to-end vulnerability scanning cycle for infrastructure, endpoints, network devices, containers, and cloud workloads (scheduled and ad hoc).

• Tune scanners, maintain asset groupings and credentialed scans, ensure coverage, and reduce false positives.

• Triage and validate findings, assign severity based on CVSS, exploitability, business impact, and asset criticality.

• Coordinate remediation with platform, network, and application teams; track SLAs and exceptions; escalate overdue items.

• Manage patch verification and re-scan cycles; maintain a risk-accepted backlog with documented compensating controls.

• Produce executive and operational reports (e.g., vulnerability backlog trend, Mean Time To Remediate, exposure by asset class).

• Integrate vulnerability data into SIEM/SOAR/GRC for correlation and workflow automation where possible.

Security Compliance & Assurance

• Plan and execute periodic compliance checks against internal security policies/standards and external frameworks (e.g., ISO/IEC 27001/2, NIST CSF, CIS Controls, PCI DSS, SOC 2, MAS/TRM/BNM-RMiT as applicable).

• Perform control testing, evidence collection, sample-based reviews, and gap analysis; document findings and remediation plans.

• Support internal/external audits and certification activities; coordinate with control owners for timely closure of audit observations.

• Maintain policy-to-control-to-evidence mapping in GRC tools; ensure versioning and traceability.

IT Security Posture Management

• Maintain and enhance security posture metrics (e.g., vulnerability exposure, hardening compliance, privileged access hygiene, endpoint protection coverage, configuration drift).

• Oversee configuration baseline compliance (e.g., CIS benchmarks) for servers, endpoints, databases, cloud services, and network devices.

• Contribute to secure configuration standards and review change requests for security impact.

• Support risk assessments (systems, projects, vendors) and embed posture checks into onboarding and change processes.

• Provide concise, actionable dashboards and briefings to leadership and technology stakeholders.

Collaboration & Governance

• Support vulnerability remediation forums with Technology owners; drive issue resolution and risk decisions.

• Work with AppSec, Cloud, IT Ops, and SOC/Threat Intelligence to prioritize remediation based on real-world threats and business context.

• Develop SOPs, runbooks, and playbooks; deliver awareness and training to technical teams.

About You

Required Qualifications & Experience

• Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent experience.

• 5–8 years in information security with strong experience in vulnerability management and security compliance.

• Hands-on with enterprise vulnerability scanners (e.g., Tenable, Qualys, Rapid7), and experience with credentialed scanning.

• Solid understanding of OS, network, cloud (AWS/Azure/GCP), and container security fundamentals.

• Experience testing and evidencing controls against at least one framework (e.g., ISO 27001, NIST CSF, CIS, PCI DSS).

• Familiarity with SIEM/SOAR, EDR, MDM, CMDB/asset management, patch management, and GRC platforms.

Preferred Certifications:

• Security: CISSP, CISM, Security+, CySA+

• Vulnerability/Blue Team: GMON, GCIH, GCDA, eJPT/eCPPT

• Cloud & Compliance: CCSP, Azure/AWS security certs, ISO 27001 Lead Implementer/Auditor, PCI ISA

Key Skills

• Strong analytical and risk-based prioritization skills; able to translate technical findings into business impact.

• Proficient in reporting and creating meaningful dashboards for both exec and technical audiences.

• Excellent stakeholder management, facilitation, and escalation handling.

• Scripting/automation (e.g., Python/PowerShell), API integrations for data extraction and workflow automation (bonus).

• Clear, concise communication and documentation.

#LA-RA1

What's Next

Once you have applied online, our team will review your application and due to a high volume of applications, only shortlisted candidates will be notified.