
PayNet (Payments Network Malaysia)

Principal Specialist, Cyber & Technology Risk (Cyber Risk)

  • Posted 13 hours ago

Job Description

About PayNet: At PayNet, your work doesn't just move money, it moves a nation.

We make every payment count toward Malaysians' shared prosperity by powering the platforms millions use every day, from DuitNow and FPX to MyDebit and JomPAY. Our systems keep Malaysia's digital economy running securely, seamlessly, and inclusively, whether you're tapping, transferring, paying bills, or expanding a business. If you're excited about creating impact at a national scale and shaping how Malaysia pays, connects, and progresses, you'll fit right in.

About the Risk & Compliance Division: The Risk & Compliance Division provides independent oversight to safeguard PayNet's operations, resilience, and regulatory standing. The Division establishes and maintains enterprise‑wide risk and compliance frameworks to ensure risks are proactively identified, assessed, monitored, and managed in line with PayNet's strategy, Board‑approved risk appetite, and regulatory expectations.

Summary of responsibility: As a Principal Specialist in Cyber & Technology Risk, you are responsible for leading PayNet's cyber risk governance, strategy, and regulatory compliance to ensure alignment with Board risk appetite and applicable regulatory requirements. The role provides independent enterprise‑wide oversight of cybersecurity risks across PayNet and its Participant ecosystem, and is responsible for reporting to Senior Management, the Board and regulators. You serve as a trusted advisor to stakeholders on cyber and information security matters, support incident management and regulatory notification readiness, and drive continuous improvement in cyber risk maturity, control effectiveness, and closure of audit and regulatory findings.

Key Responsibilities

  • Establish and maintain the cyber risk governance framework, policies, and standards to ensure alignment with PayNet's strategy, Board risk appetite, and regulatory requirements.
  • Establish, maintain, and continuously enhance a centralised cyber risk dashboard to provide timely, risk-based visibility of PayNet's cybersecurity posture, including Key Risk Indicators (KRIs) and risk trends, to support informed decision-making by management and governance committees.
  • Lead the regulatory and standards-based compliance assessments for cybersecurity risk (e.g., BNM RMiT, NACSA regulations and directives, ISO/IEC 2700x, PCI-DSS and other regulatory requirements, where applicable), including gap analysis, remediation tracking, and reporting to management and governance committees.
  • Lead the development and execution of PayNet's cybersecurity strategy, ensuring the successful implementation of cybersecurity initiatives across relevant stakeholders.
  • Oversee and monitor cybersecurity risk across PayNet's Participant ecosystem, providing independent risk oversight and identification of material risks.
  • Assess adequacy, effectiveness and relevance of security controls through various assessment methods and approaches.
  • Provide technical and risk advisory on cyber and information security matters to internal stakeholders.
  • Support incident management and regulatory notification readiness, including incident classification, trigger assessment, lessons learned, and post‑incident assurance.
  • Prepare and present cyber risk reporting to senior management, Board-level committees, and regulators, including KRIs, risk trends, material risk exposures, and status of audit/regulatory issues.
  • Drive continuous improvement in cyber risk maturity and compliance, including policy enhancements, control uplift initiatives, awareness programmes, and timely closure of audit and regulatory findings.

What will make you successful

  • Degree in Information Technology (IT), Information Security or other related disciplines with relevant experience in managing cyber and technology risk in financial market infrastructures, critical national infrastructure, military, security intelligence or equivalent.
  • 8 to 10 years of cyber and technology governance, risk and compliance or information security experience.
  • Experience in various regulatory requirements such as BNM RMiT, Cyber Security Act 2024, NACSA Regulations and Directives, ISO27001, MAS Technology Risk Management Guidelines, National Institute of Standards and Technology (NIST), Center for Internet Security (CIS), FMI Cyber Resilience Guidelines or equivalent.
  • Strong critical and analytical thinking skills, with the ability to communicate risk clearly and collaborate effectively with stakeholders.

Advantage To Have

  • Relevant professional certifications such as CISSP, CISM, CISA, ISO/IEC 27001 Lead Auditor, or equivalent would be an advantage.
  • Strong understanding of end-to-end cybersecurity and technology operations, and how cybersecurity interfaces with business functions, risk management, and compliance processes.
  • Fluency in both written and spoken English is required for this position.
  • Thorough understanding of end-to-end IT operations and how IT interfaces with business, risk management, compliance processes and cyber security.

More Info


Job ID: 146404799
