Cybersecurity Lead

Join us in being a Pos Malaysia Wira!

At Pos Malaysia, we are passionate about building trust to connect lives and businesses for a better tomorrow. As we transform this incredible 200-year-old business, we are seeking a highly motivated, engaged, and driven individual to join our team. If you are excited by transformation and the significant opportunity it represents, we encourage you to apply.

Responsibilities:

Own It:

• Develop, champion, and execute the enterprise-wide cybersecurity strategy and roadmap, aligning with business objectives, risk appetite, and the evolving threat landscape in Malaysia and globally.
• Serve as the primary subject matter expert and advisor to senior leadership on all cybersecurity, risk management, and data privacy matters relevant to the Malaysian context.
• Establish, mature, and enforce information security policies, standards, and guidelines that address current and emerging cyber risks and local regulatory requirements.
• Drive continuous improvement of the cybersecurity posture through strategic initiatives and technological advancements.
• Design, implement, and operate a robust Information Security Risk Management framework, including reporting on key risk indicators (KRIs) and mitigation effectiveness.
• Oversee and coordinate internal and external security audits, driving remediation efforts for identified gaps.
• Oversee the security operations function, ensuring effective monitoring, detection, and analysis of security events using advanced SIEM, EDR, and threat intelligence platforms.
• Lead and manage the full lifecycle of cybersecurity incidents, from initial detection and containment to eradication, recovery, and post-incident analysis, ensuring timely communication and minimal business disruption.
• Develop, test, and refine comprehensive incident response plans, disaster recovery plans, and business continuity plans.
• Drive proactive threat hunting, forensic analysis, and security investigations to identify sophisticated threats and adversarial tactics.
• Manage, optimize, and integrate a diverse portfolio of security technologies, including network firewalls, web application firewalls (WAF), intrusion prevention systems (IPS), data loss prevention (DLP), identity and access management (IAM), privileged access management (PAM), and cloud security platforms.
• Oversee security due diligence for third-party engagements.

Build Trust:

• Communicate with internal and external stakeholders on project status, deliverables, and overall project plans.
• Coordinate with cross-functional teams (Engineers, Product Managers, Analysts, other TPMs) to ensure timely and effective execution.
• Foster strong relationships with stakeholders and build consensus on project goals and priorities.
• Lead end-to-end cyber risk assessments, including threat modeling, vulnerability management, and third-party risk assessments, to identify, analyze, and prioritize organizational risks.

One Team:

• Drive effective collaboration with IT operations, development teams, business units, and external vendors to embed security awareness and accountability across the organization.

• Mentor and develop a high-performing team of cybersecurity specialists, fostering a culture of technical excellence, continuous learning, and innovation.

• Develop and deliver tailored security awareness and training programs for all employees, cultivating a strong security-conscious culture.
• Continuously find ways to help teams and the organization improve ways of working.

Move Fast:

• Thrive in a fast-moving transformation environment.
• Adapt, simplify, and act quickly based on business needs.
• Prioritize multiple, high-priority projects in a fast-paced environment.

Delight Customers:

• Ensure projects deliver value to internal and external customers.
• Contribute to a customer-centric approach in project delivery.

Drive Innovation:

• Stay abreast of industry trends, emerging technologies & best practices.
• Continuously identify opportunities to improve team and promoting efficiency and effectiveness.
• Drive continuous improvement of the cybersecurity posture through strategic initiatives and technological advancements.

Job Requirements:

• Minimum of 10-15 years of progressive experience in information security, with at least 5-7 years in a senior leadership role (e.g., Head of InfoSec, CISO, Senior Manager of Security).
• Proven experience leading and managing information security programs in Malaysia, with a strong understanding of the local regulatory landscape.
• Relevant industry certifications are highly desirable (e.g., CISSP, CISM, CISA, CRISC, CCSP).
• Deep understanding of information security frameworks and standards (e.g., ISO 27001, NIST, COBIT, PCI-DSS).
• Strong technical acumen across various security domains (e.g., network security, application security, cloud security, data security, incident response, vulnerability management).
• Experience with security technologies and tools (e.g., SIEM, EDR, firewalls, DLP, WAF, cloud security platforms).
• Excellent leadership, strategic thinking, problem-solving, and decision-making skills.
• Exceptional communication, interpersonal, and stakeholder management skills.
• Ability to work under pressure and manage multiple priorities in a dynamic environment.
• Familiarity with secure software development lifecycle (SDLC) and DevSecOps principles.
• Experience in managing cybersecurity budgets (CAPEX and OPEX).