JD Sports SEA

IT Cybersecurity GRC Specialist

  • Posted 20 hours ago

Job Description

About the Role

We are looking for a highly motivated and detail-driven IT Cybersecurity GRC Specialist to strengthen our governance, risk, and compliance framework across Malaysia, Singapore, and Thailand. This role is critical in ensuring that our regional operations meet international security standards and local regulatory requirements while enabling business growth securely. You will serve as a trusted advisor to stakeholders, bridging the gap between technical teams, business leaders, and regulators in a multi-jurisdictional environment.

Key Responsibilities

Regulatory Compliance: Monitor and ensure adherence to cybersecurity and data protection regulations, including Malaysia's PDPA 2010, Singapore's PDPA, Cybersecurity Act, MAS TRM, and Thailand's PDPA, as well as applicable international standards.

Risk Management: Lead periodic risk assessments, identify emerging threats, and implement appropriate mitigation strategies to reduce exposure across the regional IT and business environment.

Policy & Frameworks: Develop, implement, and maintain cybersecurity governance policies, standards, and procedures in alignment with best-practice frameworks (e.g., NIST, ISO 27001).

Audit & Assurance: Oversee internal and external audits, coordinate with auditors, and track remediation plans to ensure timely closure of compliance gaps.

Third-Party Risk: Assess and monitor the cybersecurity posture of vendors and partners, embedding security requirements into contracts and ongoing engagements.

Stakeholder Engagement: Collaborate with IT, Legal, Compliance, the third-party SOC team, and business units to embed security and compliance into business processes and technology initiatives.

Awareness & Training: Deliver targeted security awareness and training programs to foster a security-first culture across the region.

Incident Response: Support incident response efforts, conduct post-incident reviews, and recommend improvements to strengthen resilience.

Reporting & Metrics: Produce clear, concise, and actionable reports for regional management and senior leadership, covering compliance status, risk posture, and audit outcomes.

Knowledge and Experience

Experience: Proven track record (5+ years preferred) in cybersecurity governance, risk, and compliance, with strong knowledge of Southeast Asia's regulatory landscape (Malaysia, Singapore, Thailand).

Education: Bachelor's degree in Information Security, Computer Science, or a related field.

Certifications: Recognized certifications such as CISSP, CISM, CRISC, or CISA strongly preferred.

Framework Expertise: Strong working knowledge of frameworks such as NIST CSF, ISO 27001/27002, and COBIT.

Technical Acumen: Familiarity with cybersecurity technologies (e.g., SIEM, endpoint protection, firewalls, DLP) to engage effectively with technical teams.

Communication: Excellent written and verbal communication skills, with the ability to translate technical risks into business impacts for executive and non-technical stakeholders.

Analytical Skills: Strong analytical mindset with the ability to identify risks, assess gaps, and recommend pragmatic solutions.

Work Ethic: Self-driven, detail-oriented, and capable of working independently, while thriving in a fast-paced, collaborative global team environment.

Job ID: 137152777