JOB SUMMARY
The Head of Unit, Network & Security is responsible for the strategic leadership, governance, and operational management of enterprise network and cybersecurity functions across Air Selangor.
This role ensures the availability, integrity, and security of all network, communication, and security infrastructure supporting critical water utility operations. The incumbent will lead initiatives in network modernisation, cybersecurity resilience, regulatory compliance, and incident response, while aligning technology capabilities with organisational priorities.
The position also plays a key role in risk management, business continuity, and cyber defence strategy, ensuring the organisation remains resilient against evolving threats.
KEY DUTIES AND RESPONSIBILITIES
i) Strategic Leadership & Governance
- Develop and execute enterprise-wide Network & Cybersecurity Strategy aligned with IT and business objectives
- Define and enforce security policies, standards, and governance frameworks
- Lead technology roadmap planning for network, cloud connectivity, and security architecture
- Drive Zero Trust, Secure Access, and network segmentation initiatives
ii) Network & Security Architecture
- Oversee design and implementation of secure, scalable, and resilient network architectures (WAN, LAN, WLAN, DC, Cloud)
- Approve and govern secure configurations, baselines, and architecture standards
- Ensure high availability (HA), redundancy, and disaster recovery readiness
- Lead adoption of modern architectures (SASE, SD-WAN, ZTNA, cloud-native security)
iii) Cybersecurity Operations & Threat Management
- Oversee SOC-related activities, SIEM monitoring, and threat intelligence integration
- Ensure effective deployment of firewalls, IDS/IPS, WAF, DDoS protection, VPN, NAC solutions
- Establish continuous monitoring capability across IT and OT environments
- Strengthen threat detection, response, and proactive hunting capabilities
iv) Incident Response & Crisis Management
- Lead development and execution of Incident Response Plan (IRP)
- Act as incident commander during major cybersecurity or network incidents
- Conduct post-incident review, forensic investigation, and root cause analysis
- Ensure alignment with Business Continuity Plan (BCP) and Disaster Recovery (DR)
v) Risk Management & Compliance
- Perform cybersecurity risk assessments and vulnerability management
- Maintain compliance with ISO 27001, NIST CSF, PDPA, NACSA guidelines, and relevant regulations
- Manage audit processes (internal/external) and ensure closure of findings
- Integrate cybersecurity into enterprise risk management (ERM)
vi) Infrastructure & Service Management
- Ensure network availability target (≥99.7%) and service reliability
- Oversee preventive maintenance, lifecycle management, and capacity planning
- Implement ITSM best practices (ITIL) for incident, problem, and change management
- Monitor and improve service performance and SLAs
vii) Digital Transformation & Innovation
- Drive adoption of cloud networking and security (Azure, hybrid environments)
- Enable secure integration of enterprise systems, OT/SCADA, and IoT devices
- Explore AI-driven security operations (SOAR, automation, analytics)
- Introduce network telemetry, observability, and automation tools
viii) Enterprise Security Integration
- Ensure seamless integration with:
  - Identity (Entra ID/IAM)
  - SOC/SIEM
  - Endpoint and cloud security platforms
- Support cross-platform logging, correlation, and incident visibility
ix) Vendor & Stakeholder Management
- Manage relationships with technology vendors, telcos, and security providers
- Lead technical evaluation, procurement, and contract governance
- Coordinate with internal stakeholders (IT, operations, legal, HR, risk, and compliance)
- Ensure vendor deliverables meet security and performance requirements
x) Financial & Resource Management
- Develop and manage annual budget for network and security initiatives
- Optimise cost vs. risk vs. performance trade-offs
- Justify investments through risk reduction and business impact analysis
- Oversee contract administration, billing, and cost control
xi) Team Leadership & Capability Development
- Lead and develop a high-performing network and cybersecurity team
- Define roles, KPIs, and performance objectives
- Provide technical mentoring and competency development pathways
- Build capability in SOC operations, cloud security, and advanced networking
xii) General responsibilities
- Undertake tasks assigned by supervisors or management as required
- Participate in on-call support rotation when required
PERSON SPECIFICATION
Minimum Qualifications
- Bachelor's Degree in Computer Science / Engineering / Telecommunications or equivalent
- Minimum 5–8 years in network and/or cybersecurity operations.
- Experience in critical infrastructure or utility environment is an advantage.
- Proven experience in leading technical teams and managing enterprise environments.
Knowledge, Skills & Abilities
- Strong knowledge in: Enterprise networking (WAN, LAN, VPN, wireless), Network security architecture and controls, Routing & switching protocols
- Familiarity with: SOC / SIEM, cloud security, identity security
- Preferred certifications: CCNP / CCIE, CISSP, CISM, CEH, ITIL
- Strong leadership, communication, and stakeholder management
- Analytical, risk-based decision-making capability
- Ability to operate in high-pressure incident scenarios
- Strong project and programme management capability