Share this Job


Date: 16-Apr-2019

Location: Kuala Lumpur, MY

Company: Celcom Axiata Berhad

Job Description

Lead, implement and enforce cyber security solution to protect and secure the organization. Manage and coordinate cross function team members, vendors and partners in delivering end-to-end cyber security solution in the organization.
(Indicate the number of executives and non-executives reporting to your position if any.  Please attaches organization chart.)
(If any) REMARKS
(For indirect reporting)
Please list in brief and concise statements the accountabilities / key responsibilities of the position
1 Develop, lead and manage the security solution project in order to ensure that the business users are provided with the required security tools, information and support to minimize the risks against internal and external threats.
2 Organize, plan and control all security requirements for Celcom Information Security Projects as to ensure it comply to security architecture standard and best practices.
3 Manage complex Celcom Information security projects by utilize project management skills and ensure all the project is completed according to the plan.
4 Lead the preparation of RFI/ RFQ and RFP, evaluations and vendor engagements to address the security gap and improve cyber maturity level.
5 Interact and coordinate with the various business units and build visibility on the activities in relation to Celcom Information Security.
6 Assessing the adequacy and coordinating the implementation of specific Celcom Information Security controls for new Celcom Information systems and services.
7 Provide security testing and product evaluation of security solutions and controls.
8 Provide guideline and recommendation to Information Security architecture matters raise by users as to ensure their architecture is aligned
9 Assess, identify and document the technical Celcom Information Security controls for technologies deployed within the Celcom Information Security portfolio.
10 Identify and propose technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks


(List down the minimum qualifications required) EXPERIENCE: 
(List down the minimum years and type of experience required)
Education Qualification:
• Bachelor degree holder (IT or related technical preferred) with Information Security knowledge
• ISO 27001 Implementer / Lead Auditor
• CISA / CISM/ CISSP (would be an advantage)
• Good understanding of Information security related standards and best practices (these include ISO 27001, NIST, PDPA, PCI-DSS, Cybercrime act, CSA, IETF,TIA, ETSI etc.)
• Good understanding of Cyber laws and Law enforcement requirements
Years of Experience:
• At least 7-10 years working experience in IT Security and or related fields.
• At least 7 years of Information Security Solutioning
Preferable Previous Work Background:
• Information Security
Preferable Previous Work Industry:
• Telecommunication
Mobility/ Travel Flexibility:
• Limited travelling to datacenters and other offices
• Limited travelling for conferences and trainings
Computer Literacy:
• Significant technical and conceptual knowledge and experience of security across a wide range of infrastructures and systems:
o LAN, WAN and Internet networking technology,
o OS, database and application concept
o Security solutions such as IPS, firewall and WAF
o Sound understanding of the latest threat landscape and the technologies that need to be in place to mitigate these threats
• Proficient in English and Bahasa Malaysia
Personality Preference:
• Outgoing, Confident, and able to lead team
• Critical thinking
• Able to make decision, and be responsible for it 
• Demonstrate attention to quality and detail


List down the critical skills required of the position (i.e. not more than 10)
1. Excellent communication skills – written and verbal – to deal with technical and non-technical users.
2. Ability to communicate information security principles, policies, rationale and standards.
3. Foster very strong technical skills with particular emphasis on Enterprise IT Security which includes but not limited to security attacks and prevention, protection concepts and technologies, and security governance.
4. Close monitoring and maintenance of records to enable quick response to alerts, incidents, problems and changes. 
5. Good judgment demonstrated in situations where balancing conflicting demands and taking pragmatic decisions is important
6. Good understanding of security assessment methods, tools and best practices (baselines, standards & etc.)
7. Understanding of Telecommunication Company Infrastructure and applications (Billing platforms, online and customer facing platforms).
8. Understanding of Information Security Principles
9. Understanding of Information Security Risk Management processes
10. Information Security standards and best practices (these include ISO 27001, NIST, PDPA, PCI-DSS, Cyber crime act, etc.)
Key Challenges
Please list down the critical challenges of the position
1 Keeping up-to date with the rapidly changing technology trends, issues and technology.
2 Ensure any technical solutions proposed adherence with the developed technology and security standards in all aspects.
3 Multi – vendor environment and technologies require specific study of declared and un- declared information security threats and mitigations
4 Determination of which security level is the best to be implemented for Celcom infrastructure and getting full support to its implementation from other business units and departments
5 Project managers adhere to security architecture

Job Segment: Telecom, Telecommunications, Corporate Security, Cyber Security, Technology, Security