## Information and Network Security GRC Senior Specialist
- Locations: Sg. Besi
- Time type: Full time
- Posted on: Posted Today
- Time left to apply: End Date: December 31, 2025 (30+ days left to apply)
- Job requisition ID: JR12632
- We want to empower you to turn your ambitions into achievements.
- We thrive in inclusiveness, diversity and embrace close collaborations for you to create impact for yourself and others.
- Together, we aim to bring the best of technology to help people, businesses and the nation to be ahead in a changing world.
- To realise our vision to become Malaysia’s leading converged solutions company, we are looking for new talent to innovate and grow with us in a culture that values commitment, performance and possibilities.
- Job Summary: The role oversees compliance and risk management across critical technology systems, ensuring alignment with internal standards (INS / CoP), ISO / IEC 27001, and regulatory requirements. Responsibilities include managing control baselines, third-party risk, and audit readiness; coordinating regulatory and board reporting; conducting control testing and assurance; and maintaining dashboards and key risk indicators for senior governance forums.

1. INS / CoP Compliance (NCII): Own the INS / CoP control baseline for critical systems across ISD and Telco Network; maintain the critical systems inventory, scope and control mapping; embed Technology & Cyber Risk Management and Cyber Resilience requirements into technical and procedural controls and SLAs.
2. Management, Regulatory & Board Reporting: Coordinate regulatory submissions (e.g., monthly / half-yearly dashboards, incident notifications) and provide updates to senior governance bodies (e.g., TGC, ARC); track feedback and actions to closure.
3. ISO / IEC 27001 (ISMS) Governance: Act as control owner / co-owner for applicable Annex A controls; maintain accurate SoA, risk treatment plans, audit evidence; support internal / external ISMS audits, surveillance, and certification activities.
4. Third-Party Risk Management (TPRM): Run end-to-end TPRM: vendor tiering, security questionnaires, evidence review, risk scoring, contractual security clauses (Cybersecurity General Policy & Consequence Management), tracking, and escalations for non-responsive or high-risk vendors. Ensure subcontractors inherit Maxis security obligations.
5. Control Testing & Assurance: Plan and perform control testing, walk-throughs and sampling for INS / CoP, PDP, ISO 27001, and TPRM controls; produce clear findings and risk-based remediation plans with accountable owners and target dates.
6. Metrics, KRIs & Dashboards: Develop and maintain compliance dashboards / metrics (INS / CoP, PDP, ISO 27001, TPRM). Present KRIs / KPIs to management forum, Technology Governance Committee (TGC) and ARC; ensure single source of truth for audit / regulatory evidence.
7. Incident & Resilience Enablement: Advise on incident classification, regulatory notification criteria and evidence capture for ISD & Network; ensure playbooks and runbooks reflect INS / CoP expectations and resilience targets (RTO / MTD).

- Bachelor’s degree in Information Security, Computer Science, IT, Risk Management, or related field.
- Knowledge of INS / CoP, ISO / IEC 27001, and regulatory compliance frameworks.
- Experience in third-party risk management and vendor security assessments.
- Ability to manage audits, control testing, and remediation planning.
- Skilled in compliance reporting, dashboarding, and presenting KRIs / KPIs.
- Strong stakeholder engagement and communication skills.
- Relevant certifications (e.g., ISO 27001, CISA, CRISC, CISSP) are an advantage.
- Once you’ve applied online, our team will carefully review your application. Due to a high volume of applications, we appreciate your patience to allow for a fair and timely review process.
- Should you be shortlisted for the role, we will send you an invitation via email for a digital interview. You can also check on your application status by logging into your candidate account.
- Maxis values diverse voices & people. We hire and reward our employees based on capability & performance — regardless of ethnicity, gender, age, education, religion, nationality or physical ability.