Job Description
For MALAYSIANS only
Role Description :
As a technical SME for Governance, Risk and Compliance (GRC), you will be expected to work with customers to assess and manage their risks in alignment with ISO31000. You will be expected to be familiar with ISO27001 or a similar standard (NIST, ISM, COBIT, etc.).
You will be expected to be able to assess controls and provide advice to customers that is practical and solution-focused (e.g., provide accurate estimates of effort required and work within those estimates).
You will be expected to measure compliance against company policy and provide audit liaison and reporting to senior management.
Responsibilities :
Assessing and applying security standards such as ISO37000, PCI-DSS, ISO 27001, ISM, COBIT
Work through which controls are relevant, whether they are present in the project design / plans and whether there are compensating controls.
Provide advice/support for business impact assessments
Identification of information assets and determination of their value.
Identification of any risks to information.
Application of security measures to protect information.
Management of risks across information lifecycle.
Maintenance of the IT/InfoSec risk register.
Liaison with internal multifunctional teams, including Information Security, Technology, Infrastructure, Legal, Finance, etc.
Experience and Qualifications :
Security Governance, Risk and Compliance (GRC)
Infrastructure, Networking or Architecture
Project and Third-Party risk assessments
Security Operations
ISACA (CISA, CISM)
GIAC (SANS Training)
ISC2 CISSP
Cisco e.g. CCNA, CCNP