Information and Network Security GRC Senior Specialist

Information and Network Security GRC Senior Specialist

Add expected salary to your profile for insights

Are you ready to get ahead in your career?

• We want to empower you to turn your ambitions into achievements.
• We thrive in inclusiveness, diversity and embrace close collaborations for you to create impact for yourself and others.
• Together, we aim to bring the best of technology to help people, businesses and the nation to be ahead in a changing world.
• To realise our vision to become Malaysia’s leading converged solutions company, we are looking for a new talent to innovate and grow with us in a culture that values commitment, performance and possibilities.

Why does this job exist and why is it critical?

Job Summary

The role oversees compliance and risk management across critical technology systems, ensuring alignment with internal standards (INS / CoP), ISO / IEC 27001, and regulatory requirements. Responsibilities include managing control baselines, third‑party risk, and audit readiness; coordinating regulatory and board reporting; conducting control testing and assurance; and maintaining dashboards and key risk indicators for senior governance forums.

What are you accountable for?

1. INS / CoP Compliance (NCII) : Own the INS / CoP control baseline for critical systems across ISD and Telco Network; maintain the critical systems inventory, scope and control mapping; embed Technology & Cyber Risk Management and Cyber Resilience requirements into technical and procedural controls and SLAs.

2. Management, Regulatory & Board Reporting : Coordinate regulatory submissions (e.g., monthly / half‑yearly dashboards, incident notifications) and provide updates to senior governance bodies (e.g., TGC, ARC); track feedback and actions to closure.

3. ISO / IEC 27001 (ISMS) Governance : Act as control owner / co‑owner for applicable Annex A controls; maintain accurate SoA, risk treatment plans, audit evidence; support internal / external ISMS audits, surveillance, and certification activities.

4. Third‑Party Risk Management (TPRM) : Run end‑to‑end TPRM : vendor tiering, security questionnaires, evidence review, risk scoring, contractual security clauses (Cybersecurity General Policy & Consequence Management), tracking, and escalations for non‑responsive or high‑risk vendors. Ensure subcontractors inherit Maxis security obligations.

5. Control Testing & Assurance : Plan and perform control testing, walk‑throughs and sampling for INS / CoP, PDP, ISO 27001, and TPRM controls; produce clear findings and risk‑based remediation plans with accountable owners and target dates.

6. Metrics, KRIs & Dashboards : Develop and maintain compliance dashboards / metrics (INS / CoP, PDP, ISO 27001, TPRM). Present KRIs / KPIs to management forum, Technology Governance Committee (TGC) and ARC; ensure single source of truth for audit / regulatory evidence.

7. Incident & Resilience Enablement : Advise on incident classification, regulatory notification criteria and evidence capture for ISD & Network; ensure playbooks and runbooks reflect INS / CoP expectations and resilience targets (RTO / MTD).

What do you need to have to fit this role?

What’s next?

Maxis values diverse voices & people. We hire and reward our employees based on capability & performance — regardless of ethnicity, gender, age, education, religion, nationality or physical ability.

Perks and benefits : Medical education support, loan, dental, phone bill allowance, mobile phone subsidy, additional benefits.

#J-18808-Ljbffr