
U Mobile

Manager, Compliance & Risk Management

  • Posted 10 hours ago

Job Description

Life at U Mobile

We are Passionate, Innovative, Trustworthy, Team-Oriented & Fun-Loving.

At U Mobile, we are always on the lookout for great talents and passionate individuals to join our growing team.

Let's start your journey with an award-winning organization!

#UnbeatableCareerAwaits

Top Reasons To Join Us!

Awarded For

o Most Preferred Employers in Telecommunication Industry (2022, 2023 & 2024)

o Bronze Winner in Cross-Generational Workforce Engagement (2024)

o Gold Winner for Excellence in Workplace Culture (2021)

Comprehensive medical, dental, optical and insurance benefits

Flexi working hours arrangements

Staff Line & Device Subsidy

Smart Casual Attire

Child Parental Care Leave

Convenient location with access to public transport (Imbi Monorail/Bukit Bintang MRT)

Special employee discounts for selected F&B Brands

Role

The Day-To-Day Activities

1. Compliance Oversight for IT & Network Core

Ensure compliance with regulatory and industry requirements applicable to telco and IT environments (e.g., MCMC regulations, PDPA, ISO 27001, ISO 22301, PCI DSS and other applicable industry requirements).

Assist the Network Division with compliance audits on IT infrastructure, IP/PS Core elements, EPC/5GC, IMS, DNS, CGNAT, firewall systems, and network management platforms.

Assist the Technology Governance unit in maintaining technical policies and standards covering IT, network security, change management, access control, and service continuity.

Assist the Technology Governance unit in tracking audit findings and ensuring timely closure with technical teams.

2. Technology & Network Risk Management

Assist in identifying and assessing risks across IT systems and telecom core platforms (e.g., packet core, signalling, routing, subscriber databases).

Maintain and update technology risk registers, focusing on cybersecurity, network outages, capacity risks, IT vendor dependency, and system obsolescence.

Coordinate and manage deep-dive risk reviews for critical platforms (PCRF, HSS/UDM, UPF/SGW/PGW, IP/MPLS backbone, AAA, DNS, etc.) led by Enterprise Risk Management.

Evaluate risks related to information security, information systems, network & infrastructure upgrades, migrations, virtualization (NFV, Hypervisor, Cloud), and cloud transformations.

3. Internal Controls & Monitoring

Establish technical controls aligned with ISO 27001 Annex A, NIST CSF, CIS benchmarks, and telco-grade operational standards.

Conduct periodic validation of controls such as:

o Access and privilege management (IT & network)

o Configuration hardening for routers, firewalls, EPC/5GC nodes

o Patch & vulnerability management

o Change and release management

o Logging, monitoring, and cyber event correlation

Review system logs, change records, and security alerts for compliance adherence.

4. Policy, Standards & Governance

Assist the Technology Governance unit in developing and maintaining policies specific to IT and network environments, including but not limited to:

o IT Security Policy

o Critical System Access Policy

o IT General Controls (ITGC)

o Other sub-categories of policies

Support governance committees (Risk Committee, Security Council, Audit Committees).

5. Incident & Problem Management Compliance

Assess compliance errors and control lapses contributing to network or IT incidents.

Participate in incident investigations involving outages, security events, or service disruptions impacting IT and core network functions.

Assist in reviewing RCA (root cause analysis) reports for completeness and compliance requirements.

6. Vendor, Third-Party & Regulatory Compliance

Evaluate risks for third-party systems, managed services partners (e.g., MSS, NOC outsourcing), and vendors for core equipment.

Ensure contractual compliance for IP/PS core components and IT infrastructure.

Work with regulators (e.g., MCMC) during audits, investigations, and compliance reporting.

7. Reporting & Stakeholder Management

Prepare compliance dashboards, risk reports, and network/IT governance updates for senior leadership.

Provide briefings to Cybersecurity, IT Ops, Network Engineering, and regulatory teams.

Deliver training and awareness on compliance requirements specific to IT and telecom networks.

About You

Education

Bachelor's degree in Information Technology, Telecommunications, Engineering, Cybersecurity, or related field.

Master's degree is an advantage.

Professional Certifications (Preferred)

ISO 27001 LA/LI

CRISC / CISM

CCNA/CCNP (Security or Routing/Switching)

5G/4G Core certifications (Nokia, Ericsson, Huawei, Cisco SPCore)

ITIL, COBIT

Experience

8+ years in compliance, risk, audit, or security roles within IT or telco environments.

Strong understanding of IP/MPLS, EPC/5GC, IMS, DNS, CGNAT, firewalls, and IT infrastructure.

Experience with regulatory requirements for telco networks and IT systems.

Technical Skills

Strong knowledge of IP networking, packet core architecture, and network security principles.

Familiarity with EPC/5GC elements such as MME/AMF, SGW/UPF, PGW/SMF, PCRF/PCF, HSS/UDM.

Understanding of virtualization and cloud (NFV/SDN, OpenStack, VMware).

Knowledge of IT General Controls (if applicable), and IT risk frameworks (ISO, NIST).

Ability to interpret and assess technical logs, configurations, and architecture diagrams.

Key Competencies

Strong analytical and risk assessment skills

Ability to work with highly technical teams

Excellent documentation and reporting skills

High integrity and accountability

Strong stakeholder management across IT, Network, and Cybersecurity

Key Personal Traits and Attributes

1. Detail Oriented and Meticulous

Able to scrutinize configurations, logs, policies, and technical documents with high precision.

Notices discrepancies or compliance gaps that others may miss.

2. Strong Analytical and Critical Thinking

Can break down complex network/system issues and assess risk impact clearly.

Able to evaluate both technical and non-technical information objectively.

3. High Integrity and Ethical Mindset

Compliance requires strong moral principles, especially when challenging decisions or raising findings.

Must be trusted by management and technical teams.

4. Calm and Composed Under Pressure

Suitable for environments where outages, escalations, or regulator engagements can be high stress.

Able to respond rationally during incidents or compliance reviews.

5. Assertive Yet Collaborative

Confident enough to challenge engineers, vendors, and managers when standards or policies are not met.

Able to influence without authority while maintaining good working relationships.

6. Inquisitive and Curious

Comfortable asking "Why" and "What if" to uncover hidden risks.

Naturally probes deeper into configurations, technical processes, and system designs.

7. Excellent Communication Skills

Can translate technical issues into clear risk/compliance language for management.

Able to guide engineers on compliance expectations without appearing obstructive.

8. Highly Organized and Structured

Comfortable managing risk registers, audit evidence, control testing cycles, and policy updates.

Prioritizes well, especially during multi-audit or multi-project periods.

9. Tech Savvy With a Learning Mindset

Comfortable understanding how EPC/5GC, IP/MPLS, firewall systems, or IT infrastructure work.

Always willing to learn new technologies or regulatory requirements.

10. Objective and Unbiased

Makes assessments based on facts and evidence, not personal opinions or politics.

Can provide fair evaluations during audits or risk assessments.

11. Resilient and Patient

Compliance roles often face resistance; persistence and patience are key.

Able to handle pushback from technical teams while holding their ground diplomatically.

12. Problem Solver Who Seeks Practical Solutions

Avoids paper compliance; instead identifies actionable, realistic solutions.

Works with engineers to close gaps without disrupting operations.

13. Confidential and Discreet

Handles sensitive data: network vulnerabilities, security findings, vendor assessments, etc.

Maintains strict confidentiality and discretion.

#LA-RA1

What's Next

Once you have applied online, our team will review your application. Due to a high volume of applications, only shortlisted candidates will be notified.


Job ID: 143121335
