U Mobile

Senior Specialist, Compliance & Risk Management

  • Posted 8 hours ago

Job Description

Life at U Mobile

We are Passionate, Innovative, Trustworthy, Team-Oriented & Fun-Loving.

At U Mobile, we are always on the lookout for great talents and passionate individuals to join our growing team.

Let's start your journey with an award-winning organization!

#UnbeatableCareerAwaits

Top Reasons To Join Us!

  • Awarded For
      • Most Preferred Employers in Telecommunication Industry (2022, 2023 & 2024)
      • Bronze Winner in Cross-Generational Workforce Engagement (2024)
      • Gold Winner for Excellence in Workplace Culture (2021)
  • Comprehensive medical, dental, optical and insurance benefits
  • Flexi working hours arrangements
  • Staff Line & Device Subsidy
  • Smart Casual Attire
  • Child Parental Care Leave
  • Convenient location with access to public transport (Imbi Monorail/Bukit Bintang MRT)
  • Special employee discounts for selected F&B Brands

Role

The Day-To-Day Activities

  • Compliance Oversight for IT & Network Core
      • Ensure compliance with regulatory and industry requirements applicable to telco and IT environments (e.g., MCMC regulations, PDPA, ISO 27001, ISO 22301, PCI DSS and other applicable industry requirements).
      • Assist with Network Division compliance audits of IT infrastructure, IP/PS Core elements, EPC/5GC, IMS, DNS, CGNAT, firewall systems, and network management platforms.
      • Assist the Technology Governance unit in maintaining technical policies and standards covering IT, network security, change management, access control, and service continuity.
      • Assist the Technology Governance unit in tracking audit findings and ensuring timely closure with technical teams.
  • Technology & Network Risk Management
      • Assist in identifying and assessing risks across IT systems and telecom core platforms (e.g., packet core, signalling, routing, subscriber databases).
      • Maintain and update technology risk registers, focusing on cybersecurity, network outages, capacity risks, IT vendor dependency, and system obsolescence.
      • Coordinate and manage deep-dive risk reviews for critical platforms (PCRF, HSS/UDM, UPF/SGW/PGW, IP/MPLS backbone, AAA, DNS, etc.) led by Enterprise Risk Management.
      • Evaluate risks related to information security, information systems, network & infrastructure upgrades, migrations, virtualization (NFV, Hypervisor, Cloud), and cloud transformations.
  • Internal Controls & Monitoring
      • Establish technical controls aligned with ISO 27001 Annex A, NIST CSF, CIS benchmarks, and telco-grade operational standards.
      • Conduct periodic validation of controls such as:
          • Access and privilege management (IT & network)
          • Configuration hardening for routers, firewalls, EPC/5GC nodes
          • Patch & vulnerability management
          • Change and release management
          • Logging, monitoring, and cyber event correlation
      • Review system logs, change records, and security alerts for compliance adherence.
  • Policy, Standards & Governance
      • Assist the Technology Governance unit in developing and maintaining policies specific to IT and network environments, including but not limited to:
          • IT Security Policy
          • Critical System Access Policy
          • IT General Controls (ITGC)
          • Other sub-categories of policies
      • Support governance committees (Risk Committee, Security Council, Audit Committees).
  • Incident & Problem Management Compliance
      • Assess compliance errors and control lapses contributing to network or IT incidents.
      • Participate in incident investigations involving outages, security events, or service disruptions impacting IT and core network functions.
      • Assist in reviewing RCA (root cause analysis) reports for completeness and compliance requirements.
  • Vendor, Third-Party & Regulatory Compliance
      • Evaluate risks for third-party systems, managed services partners (e.g., MSS, NOC outsourcing), and vendors for core equipment.
      • Ensure contractual compliance for IP/PS core components and IT infrastructure.
      • Work with regulators (e.g., MCMC) during audits, investigations, and compliance reporting.
  • Reporting & Stakeholder Management
      • Prepare compliance dashboards, risk reports, and network/IT governance updates for senior leadership.
      • Provide briefings to Cybersecurity, IT Ops, Network Engineering, and regulatory teams.
      • Deliver training and awareness on compliance requirements specific to IT and telecom networks.

About You

Education

  • Bachelor's degree in Information Technology, Telecommunications, Engineering, Cybersecurity, or related field.
  • Master's degree is an advantage.

Professional Certifications (Preferred)

  • ISO 27001 LA/LI
  • CRISC / CISM
  • CCNA/CCNP (Security or Routing/Switching)
  • 5G/4G Core certifications (Nokia, Ericsson, Huawei, Cisco SPCore)
  • ITIL, COBIT

Experience

  • 8+ years in compliance, risk, audit, or security roles within IT or telco environments.
  • Strong understanding of IP/MPLS, EPC/5GC, IMS, DNS, CGNAT, firewalls, and IT infrastructure.
  • Experience with regulatory requirements for telco networks and IT systems.

Technical Skills

  • Strong knowledge of IP networking, packet core architecture, and network security principles.
  • Familiarity with EPC/5GC elements such as MME/AMF, SGW/UPF, PGW/SMF, PCRF/PCF, HSS/UDM.
  • Understanding of virtualization and cloud (NFV/SDN, OpenStack, VMware).
  • Knowledge of IT General Controls (if applicable) and IT risk frameworks (ISO, NIST).
  • Ability to interpret and assess technical logs, configurations, and architecture diagrams.

Key Competencies

  • Strong analytical and risk assessment skills
  • Ability to work with highly technical teams
  • Excellent documentation and reporting skills
  • High integrity and accountability
  • Strong stakeholder management across IT, Network, and Cybersecurity

Key Personality Traits and Attributes

  • Detail Oriented and Meticulous
      • Able to scrutinize configurations, logs, policies, and technical documents with high precision.
      • Notices discrepancies or compliance gaps that others may miss.
  • Strong Analytical and Critical Thinking
      • Can break down complex network/system issues and assess risk impact clearly.
      • Able to evaluate both technical and non-technical information objectively.
  • High Integrity and Ethical Mindset
      • Compliance requires strong moral principles, especially when challenging decisions or raising findings.
      • Must be trusted by management and technical teams.
  • Calm and Composed Under Pressure
      • Suitable for environments where outages, escalations, or regulator engagements can be high stress.
      • Able to respond rationally during incidents or compliance reviews.
  • Assertive Yet Collaborative
      • Confident enough to challenge engineers, vendors, and managers when standards or policies are not met.
      • Able to influence without authority while maintaining good working relationships.
  • Inquisitive and Curious
      • Comfortable asking "Why" and "What if" to uncover hidden risks.
      • Naturally probes deeper into configurations, technical processes, and system designs.
  • Excellent Communication Skills
      • Can translate technical issues into clear risk/compliance language for management.
      • Able to guide engineers on compliance expectations without appearing obstructive.
  • Highly Organized and Structured
      • Comfortable managing risk registers, audit evidence, control testing cycles, and policy updates.
      • Prioritizes well, especially during multi-audit or multi-project periods.
  • Tech Savvy With a Learning Mindset
      • Comfortable understanding how EPC/5GC, IP/MPLS, firewall systems, or IT infrastructure works.
      • Always willing to learn new technologies or regulatory requirements.
  • Objective and Unbiased
      • Makes assessments based on facts and evidence, not personal opinions or politics.
      • Can provide fair evaluations during audits or risk assessments.
  • Resilient and Patient
      • Compliance roles often face resistance; persistence and patience are key.
      • Able to handle pushback from technical teams while holding their ground diplomatically.
  • Problem Solver Who Seeks Practical Solutions
      • Avoids paper compliance; instead identifies actionable, realistic solutions.
      • Works with engineers to close gaps without disrupting operations.
  • Confidential and Discreet
      • Handles sensitive data: network vulnerabilities, security findings, vendor assessments, etc.
      • Maintains strict confidentiality and discretion.

#LA-RA1

What's Next

Once you have applied online, our team will review your application. Due to a high volume of applications, only shortlisted candidates will be notified.

Job ID: 143121423