Title: Cybersecurity GRC Analyst
Payroll company: Skill Quotient Technologies Sdn Bhd
Working location: Kuala Lumpur, Malaysia
Job Type: 1-year contract (Renewable based on performance)
Key Responsibilities:
- Governance & Policy Management: Develop, review, and update enterprise-wide information security policies, standards, and procedures to ensure alignment with business goals and global security best practices.
- IT Risk Assessment: Lead comprehensive qualitative and quantitative risk assessments across internal systems, applications, and cloud infrastructure. Track mitigation plans and maintain the Enterprise Risk Register.
- Compliance & Audit Management: Coordinate and execute internal and external audits. Ensure continuous compliance with frameworks such as ISO/IEC 27001, NIST CSF, SOC 2, and local regulations (e.g., Bank Negara Malaysia / BNM guidelines if in fintech/banking, PDPA).
- Third-Party / Vendor Risk Management (TPRM): Conduct deep-dive security assessments on third-party vendors and external software providers, evaluating their SLAs, data privacy protocols, and compliance matrices.
- Control Mapping & Remediation: Actively test the effectiveness of existing technical and operational security controls. Partner with IT and DevOps teams to remediate identified control gaps.
- Security Awareness: Design and deliver cybersecurity awareness programs and mock-phishing exercises to build a risk-aware corporate culture.
Requirements & Qualifications:
- Education: Bachelor’s Degree in Cybersecurity, Computer Science, Information Technology, or a related discipline.
- Experience: Minimum of 5 years of dedicated working experience in Cybersecurity, IT Governance, Risk, and Compliance (GRC) or IT Audit.
- Framework Mastery: Strong hands-on expertise with ISO 27001, NIST, CIS Controls, COBIT, and data privacy laws (like GDPR / PDPA).
- Tools Experience: High proficiency using modern GRC software platforms (e.g., ServiceNow GRC, Archer, MetricStream, or Wiz).
- Certifications (Highly Valued): Possession of industry certifications such as CISA, CRISC, CISM, or CISSP is a major advantage.
- Soft Skills: Exceptional stakeholder management, report writing skills, and the ability to translate complex regulatory requirements into practical, technical security controls.
Job Type: Contract
Pay: Up to RM10,000.00 per month
Benefits:
- Dental insurance
- Health insurance
- Maternity leave
- Vision insurance
Ability to commute/relocate:
- Kuala Lumpur: Reliably commute or planning to relocate before starting work (Preferred)
Application Question(s):
- What is your notice period?
- What is your expected salary?
Experience:
- Governance, Risk & Compliance: 5 years (Preferred)
- Cybersecurity: 5 years (Preferred)
Work Location: In person