Date: 16-Apr-2019

Location: Kuala Lumpur, MY

Company: Celcom Axiata Berhad

Job Description

Manage and coordinate compliance with Celcom Security Policies and relevant Telco International standards and regulations, such as ITU X.805, GSMA, 3GPP, ISMS/ISO2700, and Telco Regulatory Requirements from MCMC. Guide and coach teams in various options to achieve the desired compliance level across telco infrastructure and reduce potential cyber risk exposure to the business and potential data and revenue leakages.

Accountabilities / Key Responsibilities
1    Manage and direct cross-functional teams within the telco environment on the compliance requirements, the evidence required for compliance reporting, and cyber risk profiling. This includes monitoring, sustaining and improving the existing compliance levels.
2    Manage, produce and analyse the compliance levels across the telco functional area and identify potential areas of high cyber risk exposure. Manage and maintain proper tracking and reporting for telco internal control reviews and risk assessments.
3    Analyze and recommend improvements to existing compliance tools within telco environment. Identify, select and customise new compliance tools to facilitate and automate the compliance program monitoring progress (driving efficiency and effectiveness of compliance process via automation). Develop custom scripts and automated tools for testing compliance (e.g. access review scripts, minimum baseline compliance scripts, etc.)
4    Plan and manage periodic assessment of the telco environment and work with selected Telecom and Technology Controls to document inherent and residual telco compliance risks.
5    Maintain the maturity and cyber risk levels and manage the ongoing improvement of the maturity level.
6    Lead, coach and guide the telco teams on the development and implementation of Telco and Technology controls monitoring programs to ensure overall telco compliance-related risks are managed to the appropriate level of acceptable residual risk.
7    Manage and coordinate the overall compliance risk, remediation activities and tracking within the telco environment and provide inputs to the overall control effectiveness to the Cyber Risk & Compliance Lead and Cyber Strategy & Governance Leads.
8    Research, assess and propose more effective processes for telco compliance monitoring and reporting.
9    Protect company assets by helping to provide inputs to the development of security strategies for overall compliance; directing system control development and access management, monitoring, control, and evaluation. Perform other duties as assigned.
10    Assist in identifying the information security risks and evaluating the potential gaps in telco infrastructure. Telco specific knowledge is required.
11    Conduct risk assessments of third parties as part of the Vendor Risk Management program, where applicable.
12    Sustain awareness of external regulations for new or changed requirements (e.g., ISO 27001, PCI DSS, etc.)
13    Responsible for maintaining and continuously enhancing Celcom’s compliance and risk management programs
14    Accountable for and involved in various Celcom Information Security compliance and Risk Management initiatives.


Minimum Qualifications and Experience
Education Qualification:
•    Bachelor's degree holder (IT or related technical field preferred) with Information Security knowledge
•    Knowledge of the following information security risk frameworks: ISO 27001, 27002, NIST 800, COBIT, etc.
•    Knowledge of the following regulatory compliance requirements: GDPR, SOC 1/2/3, PCI DSS, NIST, PDPA
•    The following certifications would be an added advantage: CRISC, CISA/CISM/CISSP
•    Good understanding of Cyber Risk and Risk Assessment requirements
Years of Experience:
•    At least 3-5 years of working experience in IT/Information Security and/or related fields.
•    At least 2 years of Information Risk Management/ 
•    At least 2 years in Information Security GRC

Preferable Previous Work Background:
•    Information Security
•    IT Security

Preferable Previous Work Industry:
•    Telecommunication

Mobility/ Travel Flexibility:
•    Limited travelling to datacenters and other offices
•    Limited travelling for conferences and trainings

Computer Literacy:
•    Reasonable technical and conceptual knowledge and experience of security across a wide range of infrastructures and systems:

•    Proficient in English and Bahasa Malaysia

Personality Preference:
•    Outgoing, confident, and able to advise the team
•    Critical thinking
•    Able to make decisions and be responsible for them
•    Demonstrate attention to quality and detail


Critical Skills Required
1.    Good communication skills – written and verbal – to deal with technical and non-technical users.
2.    Ability to communicate information security principles, policies, rationale and standards.
3.    Strong motivational and interpersonal skills
4.    Ability to connect compliance issues to risk and threat exposure
5.    Good judgment demonstrated in situations where balancing conflicting demands and taking pragmatic decisions is important
6.    Good understanding of security assessment methods, tools and best practices (baselines, standards, etc.)
7.    Understanding of Telecommunication Company Infrastructure and applications (Billing platforms, online and customer facing platforms).
8.    Understanding of Information Security Principles
9.    Understanding of Information Security Risk Management processes
10.    Information Security standards and best practices (these include ISO 27001, NIST, PDPA, PCI DSS, Cyber Crime Act, etc.)

Key Challenges
1    Keeping up to date with rapidly changing technology trends, issues and technology.
2    Ensuring that any technical solutions proposed adhere to the developed technology and security standards in all aspects.
3    A multi-vendor environment and technologies that require specific study of declared and undeclared information security threats and mitigations.
4    Determining which security level is best to implement for Celcom infrastructure and getting full support for its implementation from other business units and departments.

Job Segment: Information Security, Risk Management, Telecom, Telecommunications, Compliance, Technology, Finance, Legal