-Collaborate with the CISO Office and IT teams to develop, implement, and enhance information security frameworks, strategies, policies and procedures aligned with industry standards and regulatory requirements, while evaluating security needs during new projects and/or development, managing third-party vendor security risks, and optimizing security tools through IT partnership.
-Ensure compliance with relevant laws, regulations, and industry standards (e.g., PCI DSS, BNM MAPD, Cyber Security Act 2024, PDPA), and support internal/external security audits, assessments and due diligence.
-Lead, monitor and manage Identity and Privilege Access Management (IAM/PAM) and IT and security risk management, which includes, but is not limited to, risk assessment, vulnerability scanning, penetration testing, mitigation strategy, SOC alerts, MFA, least privilege, and role-based access control (RBAC) for users across the organization.
-Provide regular updates on vulnerability remediation, security metrics, and cyber resilience activities to management, and assist with security awareness programs.
-Oversee incident response, disaster recovery, and business continuity planning and processes by implementing regular testing and tabletop exercises.
-Lead and mentor the CISO Office team, manage security budgets, and recommend professional training initiatives.
(Apply now at https://my.hiredly.com/jobs/jobs-malaysia-ipay88-m-sdn-bhd-job-assistant-information-security-manager)
Requirements:
-Bachelor's Degree in Computer Science, Information Security, Cyber Security, or equivalent.
-5 years of experience in information security roles, preferably within payment gateways, banking, financial services, or ICT environments.
-Preferred qualifications include relevant certifications such as CISSP, CISM, or CISA, experience in implementing and managing PCI DSS frameworks, and familiarity with cloud security.
-Strong understanding of information security principles, vulnerability assessment and penetration testing, risk management, and compliance.
-A clear understanding of IT operations from an information security perspective, including the interaction with risk appetites to ensure the organization remains secure and compliant with industry standards, regulations, and card scheme requirements.
-Proven ability to lead teams and manage complex projects effectively.