About Ancileo
Ancileo is a Singapore-headquartered B2B InsurTech company specialising in travel insurance technology across the Asia-Pacific region. With a Series A investment, Ancileo is entering an accelerated growth phase with a bold, tech-first mandate.
Our Malaysia entity is a key operational hub, and this role sits at the heart of keeping our systems secure, reliable, and scalable as we grow.
Role Summary
We are looking for a hands-on Security & System Administrator to own and manage Ancileo's IT infrastructure and security posture in Malaysia. You will be responsible for the day-to-day administration of our systems, networks, and cloud environments, while ensuring the organisation meets the security and compliance standards expected of a regulated InsurTech company. This is a foundational role you will build and maintain the systems that the entire team depends on.
Key Responsibilities
System Administration
- Manage and maintain cloud infrastructure (AWS / GCP / Azure) and on-premise servers
- Administer user accounts, permissions, and identity management (SSO, MFA, directory services)
- Oversee OS patching, software updates, and system performance monitoring
- Manage endpoint devices (laptops, mobile) via MDM solutions
- Configure and maintain internal collaboration tools (Google Workspace, Slack, Jira, Confluence)
- Set up and manage VPN, network configurations, and remote access infrastructure
- Implement and maintain backup and disaster recovery procedures
Security Administration
- Design and enforce the company's information security policies and access control framework
- Monitor systems for security incidents, vulnerabilities, and anomalous behaviour
- Manage firewalls, intrusion detection systems, and endpoint security tools
- Lead vulnerability assessments and coordinate timely patch management
- Conduct periodic security audits and support compliance reviews (ISO 27001, PDPA Malaysia, MAS TRM guidelines)
- Respond to and investigate security incidents; maintain incident response documentation
- Provide security awareness training and best-practice guidance to all staff
Compliance & Governance
- Ensure IT practices comply with Malaysia's Personal Data Protection Act (PDPA) and relevant insurance regulatory requirements
- Maintain IT asset inventory and software licensing records
- Support due diligence and audit requests from insurer partners and investors
- Document and maintain SOPs for all IT and security processes
- Own and maintain SOC 2 Type 2 certification coordinating evidence collection, liaising with auditors, and driving continuous compliance across all in-scope systems
- Lead the annual PCI DSS Type 1 certification process managing scope definition, remediation of findings, and coordination with Qualified Security Assessors (QSA)
- Manage and coordinate regular penetration testing exercises (infrastructure, application, and social engineering) scoping engagements, managing vendors, tracking remediation, and reporting findings to leadership
- Act as the primary point of contact for ad hoc customer security enquiries responding to security questionnaires, due diligence requests, and partner security assessments in a timely and professional manner
Requirements
Must-Have
- 5-7 years of experience in system administration, IT operations, or a combined IT/security role
- Hands-on experience with cloud platforms (AWS preferred; or Azure acceptable)
- Proficiency in Linux and Windows server administration
- Solid understanding of networking (eg. VPN, firewalls)
- Familiarity with identity and access management tools (Okta, Google Workspace Admin, or equivalent)
- Experience with endpoint security and MDM solutions
- Knowledge of information security frameworks (eg. SOC2)
- Strong documentation habits and a process-first mindset
Nice-to-Have
- Experience in a regulated industry (InsurTech, FinTech, financial services)
- Familiarity with Malaysia PDPA compliance requirements
- Security certification such as CompTIA Security+, CISSP, or equivalent
- Experience supporting SOC 2 or ISO 27001 certification processes
- Scripting skills (Python, Bash) for automation
- Prior exposure to SIEM tools or log management platforms
What We Offer
- A front-row seat in one of APAC's fastest-growing InsurTech companies
- Direct impact: you will own infrastructure for a product used by millions of travellers
- Collaborative, no-hierarchy team with strong engineering culture
- Competitive salary benchmarked to Malaysian tech market rates
- Flexible hybrid working arrangements
- Learning budget and support for professional certifications
- Exposure to regional operations across Singapore, Philippines, and 25+ APAC markets
