Malaysian Communication and Multimedia Commission (MCMC) – Sepang, Selangor
The Assistant Director will be reporting to the Head of the Technology Assurance Department, and is responsible for conducting audits of technology systems, networks, and cybersecurity measures within the Malaysian Communications and Multimedia Commission (MCMC). This role involves evaluating the effectiveness of technology controls, identifying risks, and contributing to the enhancement of the organization's technology governance and security practices.
Job Responsibilities
Audit Planning and ExecutionCollaborate with the audit team to plan and execute technology-focused audits in alignment with the annual technology assurance plan.
Assist in creating audit work programs, testing procedures, and standardized audit templates to ensure consistency and quality.
Document audit procedures, findings, and recommendations in adherence to established methodologies and standards.
Technology Assessment, Security Evaluation and ControlsPerform thorough assessments of technology infrastructure, systems, applications, and data protection mechanisms to identify vulnerabilities and risks.
Evaluate the adequacy and effectiveness of IT controls, security protocols, and technology risk management practices.
Cross-Functional Collaboration and Stakeholder CommunicationWork with cross-functional teams to address audit findings and facilitate the implementation of corrective actions.
Communicate audit findings and recommendations professionally to relevant stakeholders through clear written reports and verbal presentations.
Continuous Learning and AwarenessStay current with emerging technology trends, cybersecurity threats, and industry best practices to enhance audit effectiveness and relevance.
Reporting and VisualizationCreate comprehensive reports and visualizations to present data insights.
Utilize data visualization tools to communicate complex data to non-technical stakeholders effectively.
Process ImprovementContribute to the continuous improvement of technology audit processes and methodologies to optimize audit quality and efficiency.
Enhancement of Technology Assurance FrameworkContribute to strengthening the technology assurance framework by identifying and implementing best practices, tools, and methodologies that improve the effectiveness and efficiency of technology-related audit activities.
Qualifications and Work Experience
Candidate must at least have a Bachelor's Degree in Computer Science (Cybersecurity) / Network / Information Technology or related field.
Having a Master's degree would be an added advantage.
Knowledge of cybersecurity frameworks or standards (e.g. ISO 27001, GDPR, PDPA, etc.).
Have a certification(s) e.g. Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), COBIT.
Minimum 3 years of experience in Cybersecurity auditing or a related role.
Experience with cloud-based systems and cloud security.
Familiarity with DevOps and Agile development methodologies.
Proficiency in programming languages such as Python, Java, or C++ for developing custom security tools and scripts.
Experience with network security tools like Wireshark, tcpdump, and Nmap for analyzing network traffic and identifying vulnerabilities.
Knowledge of web application security testing tools like OWASP ZAP, Burp Suite, or Acunetix for assessing web application security.
Familiarity with database security best practices and tools like SQL injection testing frameworks.
Knowledge of cryptography principles and experience with encryption tools and libraries.
Proficiency in using audit software and tools to enhance audit effectiveness.
Strong problem-solving abilities and a proactive approach to identifying and addressing issues.
High ethical standards and a commitment to upholding integrity and professionalism.
Knowledge of the telecommunications or regulatory environment, such as BNM RMiT or SC's Guideline on Technology Risk Management, is a plus.
Risk Assessment - Proficiency in conducting risk assessments to identify and evaluate security risks. Ability to develop and implement risk mitigation strategies.
Regulatory Compliance - In-depth knowledge of domestic and international regulatory requirements and industry standards such as ISO 27001, NIST, and PDPA. Experience in conducting compliance audits and ensuring adherence to regulations.
Vulnerability Management - Expertise in identifying and managing vulnerabilities using tools such as Nessus, Qualys, and OpenVAS. Ability to prioritize and remediate vulnerabilities effectively.
Penetration Testing - Skilled in conducting penetration tests to identify security weaknesses. Proficiency with penetration testing tools such as Metasploit, Burp Suite, and Kali Linux.
Incident Response - Experience in developing and executing incident response plans. Ability to conduct forensic investigations and analyze security incidents.
Security Policy Development - Ability to develop, implement, and review security policies and procedures. Ensure policies align with organizational objectives and regulatory requirements.
Audit Reporting - Strong ability to prepare detailed audit reports. Excellent skills in presenting findings and recommendations to stakeholders.
Analytical Thinking - Strong ability to analyze complex security issues and develop effective, data-driven solutions. Capable of dissecting problems and identifying root causes to enhance security measures.
Attention to Detail - High level of accuracy and thoroughness in identifying and addressing security vulnerabilities. Keen eye for identifying potential security risks in various systems and processes.
Problem Solving Skills - Proactive approach to troubleshooting and resolving security issues efficiently. Ability to think critically and develop innovative solutions to complex security challenges.
Communication Skills - Excellent written and verbal communication skills to effectively convey security findings and recommendations. Ability to explain technical concepts to non-technical stakeholders.
Team Collaboration - Strong interpersonal skills to work effectively with cross-functional teams. Ability to foster a collaborative environment and build strong working relationships.
Adaptability - Flexibility to adapt to changing security landscapes and new threats. Willingness to continuously update skills and knowledge in response to emerging security trends.
Ethical Judgment - High ethical standards and integrity in handling sensitive and confidential information. Commitment to ethical conduct and compliance with legal and regulatory requirements.
Continuous Learning - Commitment to staying updated with the latest cybersecurity trends, tools, and techniques. Proactive in seeking out professional development opportunities and certifications.
Organizational Skills - Strong organizational skills to manage multiple audits and assessments concurrently. Ability to prioritize tasks and meet deadlines effectively.
Candidate must be willing to work in Cyberjaya.#J-18808-Ljbffr
1. Job scope as follows: a) Experience in operating SQL Accounting Software and Microsoft (Excel, Word and PowerPoint ). b) Preparing documentation for audi...
Spm Resources.Sdn.Bhd - Selangor
Published a month ago
-Managing company assets and financial expenditures. -Preparing financial documents such as invoices, tax filings, and monthly profit reports. -Maintaini...
Uniwell Malaysia Sdn Bhd - Selangor
Published a month ago
-Efficiently resolving client audit queries and regularly following up on outstanding queries. -Demonstrating the ability to analyze and understand client...
Ch & Associates Plt - Selangor
Published a month ago
We are seeking a detail-oriented and organized Accounting & Administration Officer to join our team in Selangor, Malaysia. The ideal candidate will be respon...
Wisdom Bright (Malaysia) Sdn Bhd - Selangor
Published a month ago
Built at: 2024-12-23T08:30:49.733Z