Date: 27-Aug-2021

Location: Petaling Jaya, MY

Company: Celcom Axiata Berhad

Job Description


Execute and manage enterprise-wide information security risk assessments, recommend and track risk treatment plans, and monitor and report risk indicators and exceptions.

  • Identify information security risks and perform the necessary assessment and evaluation in line with the organization's risk management framework
  • Maintain an up-to-date Information Security Risk Register
  • Assess the effectiveness of controls against risk indicators and report any emerging or increasing risk
  • Manage the risk acceptance process by assessing the risk exposure and proposing the necessary compensating controls to reduce the risk
  • Track and report all control remediation and non-compliance progress
  • Track and report all activities listed in the CISO Compliance Calendar
  • Provide the necessary feedback on emerging risks and risks related to emerging technologies
  • Highlight the key risk areas for management attention with the appropriate recommendation
  • Work with the Threat Management and Cyber Defense teams to continuously understand the threats and open vulnerabilities affecting the enterprise
  • Produce the necessary weekly, monthly and quarterly Risk & Compliance reports



  • Degree in Information Technology, Cyber Security or equivalent
  • CRISC, CISM or equivalent certification (would be an advantage)
  • Good understanding of information security risk management frameworks and standards, e.g. ISO 27005, ISO 31000, NIST, etc.


  • A combination of the below is recommended:
    • Information Security Risk & Compliance Management (5-6 years)
    • Information Security Governance (5-6 years)
    • Information Security Operations Management (5-6 years)
    • Information Technology/Telecommunication (3-4 years)


  • Good communication, influencing and negotiation skills
  • Good written and verbal communication skills; able to deal with technical and non-technical stakeholders
  • Good understanding of security risk assessment methods, tools and best practices
  • Hands-on experience in conducting risk assessments and control assessments
  • Able to produce and communicate risk assessment reports to various stakeholders
  • Good understanding of information security controls and their role in reducing risk exposure
  • Good understanding of information security risk management frameworks, principles and processes
  • Good knowledge of information security standards and best practices (including ISO 27001, NIST, PDPA, PCI-DSS, the Cybercrime Act, etc.)
