Information and Network Security GRC Senior Specialist

Are you ready to get ahead in your career

• We want to empower you to turn your ambitions into achievements.
• We thrive in inclusiveness, diversity and embrace close collaborations for you to create impact for yourself and others.
• Together, we aim to bring the best of technology to help people, businesses and the nation to be ahead in a changing world.
• To realise our vision to become Malaysia's leading converged solutions company, we are looking for a new talent to innovate and grow with us in a culture that values commitment, performance and possibilities.

Why does this job exist and why is it critical

1.INS / CoP Compliance (NCII): Own the INS/CoP control baseline for critical systems across ISD and Telco Network maintain the critical systems inventory, scope and control mapping embed Technology & Cyber Risk Management and Cyber Resilience requirements into technical and procedural controls and SLAs.

2.Management, Regulatory & Board Reporting: Coordinate regulatory submissions (e.g., monthly/halfyearly dashboards, incident notifications) and provide updates to senior governance bodies (e.g., TGC, ARC) track feedback and actions to closure.

3.ISO/IEC 27001 (ISMS) Governance: Act as control owner/coowner for applicable Annex A controls maintain accurate SoA, risk treatment plans, audit evidence support internal/external ISMS audits, surveillance, and certification activities.

4.ThirdParty Risk Management (TPRM): Run endtoend TPRM: vendor tiering, security questionnaires, evidence review, risk scoring, contractual security clauses (Cybersecurity General Policy & Consequence Management), tracking, and escalations for nonresponsive or highrisk vendors. Ensure subcontractors inherit Maxis security obligations.

5.Control Testing & Assurance: Plan and perform control testing, walkthroughs and sampling for INS/CoP, PDP, ISO 27001, and TPRM controls produce clear findings and riskbased remediation plans with accountable owners and target dates.

6.Metrics, KRIs & Dashboards: Develop and maintain compliance dashboards/metrics (INS/CoP, PDP, ISO 27001, TPRM). Present KRIs/KPIs to management forum, Technology Governance Committee (TGC) and ARC ensure single source of truth for audit/regulatory evidence.

7.Incident & Resilience Enablement: Advise on incident classification, regulatory notification criteria and evidence capture for ISD & Network ensure playbooks and runbooks reflect INS/CoP expectations and resilience targets (RTO/MTD).

What's next

• Once you've applied online, our team will carefully review your application. Due to a high volume of applications, we appreciate your patience to allow for a fair and timely review process.
• Should you be shortlisted for the role, we will send you an invitation via email for a digital interview. You can also check on your application status by logging into your candidate account.

Maxis values diverse voices & people. We hire and reward our employees based on capability & performance - regardless of ethnicity, gender, age, education, religion, nationality or physical ability.