Information Security Policy Specialist

Kuala Lumpur Permanent

Added 03/03/2021

  • Great learning opportunity
  • International experience

About Our Client

Our client is an internationally renowned IT firm that has their shared services branches in Malaysia.

Job Description

  • Partner with internal teams (AD, Mail, Network, Server, Application, Database, Voice & Video, Incident and Response, SecOps, etc) to ensure policies meet the needs and goals of Information Security
  • Partner with the security awareness team to communicate new policies and spread general awareness about policy set
  • Partner with internal teams (Compliance, Internal Auditor) to test compliance with information security policies and standards
  • Collaborate with other departments (Legal, HR, Finance, Engineering, etc.) on cross-functional policies
  • Review existing and proposed policies and standards with stakeholders.
  • Perform gap analyses and mappings of information security frameworks and the security requirements contained in existing and proposed security documents
  • Gather and store artifacts to prepare for audits
  • Stay abreast of legal and regulatory (NIST CSF, SP800-53, ISO 27001) changes that could impact our policies
  • Provide training and awareness on policy life cycle
  • Advocate for changes in policy that support organizational cyberspace initiatives or required changes/enhancements.
  • Perform other duties as assigned, such as conducting annual supply chain security survey by sending survey checklist to suppliers, tracking checklist submission, survey result analysis, compilation and reporting, and checklist revision.

The Successful Applicant

  • Bachelor's Degree, preferably in IT, information security, risk management, data privacy or law
  • 6+ years of experience in IT, information security, compliance, data privacy or related industry
  • Experience or interest in IT, information security, information risk management
  • Experience drafting corporate policies or working in document management is a plus
  • Good writing skills, with experience as a writer or technical editor is a plus
  • Understanding of information security, IT governance, risk and compliance frameworks, methodologies and practices including NIST CSF, SP800-53, and ISO 27001
  • Strong attention to detail, organization skills, and time management
  • Good verbal and written communication skills
  • Ability to interact professionally with a diverse group: executive, managers, and subject matter experts
  • Ability to take direction and independently work through projects as required
  • Knowledge of, or experience working with, Cloud technologies/environments is a plus
  • Possess relevant professional qualification (e.g. CISA, CRISC, CGEIT, CISM, or CISSP) is a plus

What's on Offer

You will be offered a competitive package of MYR180,000 annually.

Quote job ref
4184701

Job summary

Function
Specialisation
Location
Contract Type
Job Reference
4184701