Bachelor's Degree in Computer Science, Information Technology, or equivalent qualifications
Minimum 4-6 years of relevant experience in IT Security technical project management and implementation
Advanced capability in designing and delivering secure architecture solutions, with a strong foundation in applying security-by-design principles across enterprise systems and applications, including on-premise, cloud and hybrid infrastructure.
Strong analytical and problem-solving skills with the ability to collaborate effectively in a team environment
Hands-on experience architecting and implementing security devices and products in complex, large-scale environments
Proven experience evaluating and selecting security technologies, developing strategies, and applying industry best practices
Solid understanding of information security frameworks, standards, and compliance requirements, with the ability to embed them into practical architecture and governance models (e.g. NIST CSF, ISO/IEC 27001, SABSA, or TOGAF)
Familiarity with Malaysian regulatory requirements, such as BNM RMiT, PDPA, and PCI DSS
Experience coordinating and working effectively with cross-functional teams, vendors, and third-party stakeholders (e.g. enterprise architects, application owners, infrastructure teams, and third-party vendors) to deliver secure, integrated solutions.
Demonstrated ability to lead end-to-end delivery of cybersecurity initiatives from requirements gathering through to operational handover, including active involvement in system go-lives and escalation management (e.g., SIEM, XDR, PAM, Cloud Security, Security enhancements and upgrades)
Ability to manage multiple tasks and priorities in a fast-paced, dynamic environment and capable of driving tasks from initiation to completion with minimal supervision
Hands-on knowledge of cloud security (AWS/Azure/GCP), identity and access management (IAM), zero trust architecture, and familiarity with DevSecOps or agile delivery environments.
Excellent written and verbal communication skills in both English and Bahasa Malaysia
Ability to prepare and present clear reporting on project status, risks, and mitigation plans to stakeholders and senior management
Proactive learner with a willingness to share knowledge and coach team members
Experience in a regulated industry, especially banking or financial services, is a strong advantage
Responsibilities
Support Strategic Cybersecurity Initiatives - Assist the Manager of Security Technology & Project Delivery in driving enterprise-wide cybersecurity initiatives, ensuring alignment with KWSP's strategic objectives and regulatory expectations.
Design and Implement Security Architectures - Develop, recommend, and implement secure architecture frameworks and technologies that support evolving business needs while addressing emerging cyber threats and industry best practices.
Lead Full Lifecycle Security Architecture - Manage the end-to-end lifecycle of security architecture initiatives — from strategic planning, requirements gathering, and solution design to secure implementation and smooth operational handover — embedding security requirements at every stage.
Align Security with Enterprise Strategy - Translate business and digital transformation strategies into practical and actionable security architecture blueprints, ensuring alignment with KWSP's future-state architecture, risk posture, and compliance mandates.
Ensure Technical Consistency and Compliance - Validate that all security architecture components and project implementations adhere to approved technical standards, architectural principles, and enterprise platforms — promoting reuse, consistency, and secure-by-design outcomes.
Drive Cross-Functional Collaboration - Collaborate with enterprise architects, infrastructure and application teams, and third-party vendors to co-create secure solutions that integrate seamlessly across environments and adhere to cybersecurity governance policies.
Enable Secure Project Execution - Provide critical architectural support during key project milestones — including go-lives, system transitions, and escalations — ensuring secure and uninterrupted implementation of solutions. Be available for after-hours support as necessary during high-impact activities.