Principal Security Consultant

Awantec, Cyberjaya, Selangor, Malaysia
11 hours ago
Job description

Responsibilities

  • Perform security risk and controls assessments, gap analyses, and compliance readiness engagements
  • Conduct penetration testing, vulnerability assessments, and report actionable remediation
  • Develop and implement security frameworks based on ISO 27001, NIST CSF, and RMiT for clients
  • Design and deliver compliance dashboards to support CXOs and audit committees
  • Lead ISMS certification programs for clients, from initiation through audit closure
  • Provide technical and compliance advisory during Managed SOC onboarding and client SOC integration
  • Support the design and implementation of AI-enabled security use cases (XDR, IAM, PAM) as part of advisory work
  • Deliver awareness and training programs under the Awantec Cyber Academy
  • Act as subject matter expert in compliance-related incident response and audits
  • Collaborate on developing standard compliance “packs” to accelerate consulting delivery and support Cybersecurity-as-a-Service (CSaaS) offerings

Job Responsibilities

  • Deliver client-facing engagements in cyber risk consulting, compliance readiness, and vulnerability assessments
  • Lead ISMS, NIST, PDPA, RMiT, PCI DSS, SOC 2, and CSA STAR audit support, ensuring high client pass rates and alignment with Awantec’s compliance dashboards
  • Provide technical oversight for penetration testing, vulnerability assessments, and SOC risk workflows, ensuring risk-based triage and compliance integration
  • Actively participate in NACSA, Cybersecurity Malaysia, and CGSO regulatory frameworks, ensuring Awantec’s alignment with national initiatives
  • Support Awantec’s Cyber Academy by developing training modules in compliance, risk governance, and penetration testing
  • Collaborate with sales and pre-sales teams to scope engagements, build proposals, and present to stakeholders up to C-level
  • Support Phase 1 service delivery under the Cybersecurity Services Roadmap:
      • Risk consulting and certification readiness (RMiT, ISO 27001, NIST CSF)
      • Security Posture Assessments (Google Workspace, endpoint EDR, VPC firewall)
      • Vulnerability assessment & penetration testing (VAPT)
      • Compliance dashboards tailored for CXOs and auditors
      • Advisory support for SOC readiness and integration into Managed SOC services

Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, or related field
  • Professional certifications such as ISO 27001 Lead Implementer, CEH, GIAC Penetration Tester, and Certified Network Defender (CND) are strongly expected, to ensure credibility in delivery
  • A minimum of 8 years’ proven experience in information security and compliance is strongly required to perform effectively in this role, ideally with exposure to regulatory environments such as MCMC, SIRIM, BSI, NIOSH, or equivalent bodies, as well as enterprise compliance audits
  • Strong client-facing skills, with experience presenting to regulators and senior executives
  • Hands-on experience in policy development, risk governance, and audit management

Desired Experience / Exposure

  • Penetration testing, VAPT, and vulnerability management
  • Governance, risk, and compliance (GRC) consulting
  • Public sector and GLC regulatory requirements (PDPA, RMiT, Cybersecurity Act 2024)
  • SOCaaS environments, compliance dashboards, and risk-based monitoring
  • International and national cybersecurity policy engagement