CYBER INFORMATION SECURITY RISK & COMPLIANCE

Date: 16-Apr-2019

Location: Kuala Lumpur, MY

Company: Celcom Axiata Berhad

Job Description

JOB PURPOSE:

Plan, develop, implement and monitor the execution of the Information Security Compliance Program for periodic review of the information security posture and compliance, and manage the overall Cyber Security Risk effort in alignment with Corporate Risk Management across the organization.

ACCOUNTABILITIES / KEY RESPONSIBILITIES:

  • Develop and maintain the Cyber Risk Framework, taking into account current risk appetite, future visibility and likely risk posture in relation to Information Security risk, as a guideline for all Celcom Business Users to prudently identify, analyze and manage cyber risk.
  • Develop the Information Security Compliance Framework, with an implementation approach based on selected Information Security Best Practices and processes, as a guideline to ensure effective implementation of security assessment activities in the security compliance program.
  • Develop and establish the Information Security Compliance Program, Information Compliance Audit / Compliance Process and Overall Information Security Compliance Check Cycle to periodically review the information security posture and enforce implementation of security compliance across Celcom.
  • Manage the overall Cyber Security Risk effort to establish Cyber Security Risk Registers for Celcom Management review and acceptance, to improve the Cyber Security Maturity Level across Celcom.
  • Plan and develop the information security risk assessment exercise, including providing inputs to the Enterprise Risk Management team on the improvements required to address technology risks for Information Security assurance (compliance/validation), in alignment with the Enterprise Risk Management Framework.
  • Plan and execute the Security Maturity Assessment of the Celcom control environment across the enterprise to review and monitor the effectiveness of security risk control implementation in order to achieve the target Cyber Security Maturity Level.
  • Implement dashboard reporting for all Compliance and Risk Management efforts, including management updates to the Board of Audit Committee (BAC) and Finance/G.RED Committee, to acquire management review and approval of risk control implementation/improvement initiatives that increase the Cyber Security Maturity Level across Celcom to the desired level.
  • Provide security compliance (as KPI) ratings to relevant Celcom teams based on security assessment findings to ensure improvement of security compliance across the IT and Network landscape.
  • Enforce security maturity improvement in the area of security compliance (operational matters and new projects), guided by the established Information Security Policy, Information Security Manual, Information Security Baselines and Processes, to improve security compliance.
  • Provide Information Security references for enforcement of consequence management on security breaches and non-compliance with Information Security Policies, guidelines or relevant regulatory requirements.
  • Provide hands-on advisory on gray areas related to security compliance and exceptions, and assist in finding solutions to move forward on planned security initiatives for implementing controls for risk mitigation and compliance.

QUALIFICATIONS, EXPERIENCE & SKILLS/COMPETENCIES

QUALIFICATIONS:

  • Degree in Information Technology or Computer Science or Network / Telecommunications Engineer (BSc, B.IT, etc.)
  • CISA / CISM / CISSP (would be an advantage)
  • Good understanding of information security related standards and best practices (these include ISO 27001, NIST, PDPA, PCI-DSS, Cybercrime Act, 3GPP, ITU-T X.805, ITU-T)
  • Understanding of or exposure to cyber laws and law enforcement requirements (would be an advantage)

EXPERIENCE:

Years of Experience:

  • At least 10-15 years of working experience in IT Security and/or related fields.

 

TECHNICAL & BEHAVIOURAL COMPETENCIES/ SKILLS

Preferable Previous Work Background/Exposure:

  • IT Security (ISMS/ISO 27001)
  • Risk Management
  • IT/Network Auditor
  • Processes (ITIL)

Preferable Previous Work Background/Industry:

  • Security/Telecommunications or
  • Security/Banking

Computer Literacy:

  • Minimum: Microsoft Word, Excel, PowerPoint
  • Advantage: basic knowledge of IT Infrastructure, Database and Network in relation to security

 


Job Segment: Information Security, Risk Management, Telecom, Telecommunications, Compliance, Technology, Finance, Legal