IT Security & Data Governance Manager

MediExpress, Subang Jaya, Selangor, Malaysia
Job description

Overview

At Mediexpress (M) Sdn Bhd, we’re proud to be one of Malaysia’s leaders in managed healthcare services and part of a global Japanese multinational group. We believe in making healthcare services simpler, smarter, and more effective — and we know it takes great people to make that happen.

What You’ll Be Doing

This role safeguards sensitive data, ensures regulatory compliance, and protects IT systems and infrastructure from evolving cybersecurity threats. It is responsible for the strategic and operational oversight of the organization's cybersecurity posture, data protection governance, and compliance with regulatory frameworks such as PDPA, ISO 27001, and BNM guidelines (RMiT & BCM). The role also assumes the responsibility of the Data Protection Officer (DPO) under the Personal Data Protection Act 2010 (PDPA), ensuring the confidentiality, integrity, and availability of sensitive information assets. This is a mid-level to senior role that blends technical, strategic and leadership responsibilities.

Information Security Management

  • Lead the planning, development, and implementation of the IT security strategy aligned with business objectives
  • Oversee technical security controls, policies, and guidelines across IT systems, applications, and infrastructure
  • Ensure threat intelligence, vulnerability management, and incident response procedures are in place and well maintained
  • Collaborate with Infrastructure, Application, and Compliance teams on secure architecture and configuration

Data Protection & DPO Responsibilities

  • Act as the appointed Data Protection Officer (DPO) under PDPA 2010
  • Monitor compliance with data protection regulations and internal policies
  • Coordinate with departments on personal data processing risk assessments, DPIAs, and consent management practices
  • Handle data breach response coordination, including regulatory notifications and investigations
  • Drive IT risk management activities, including IT / cyber risk assessments, internal audits, and mitigation plans
  • Maintain and enhance alignment with frameworks such as ISO / IEC 27001, NIST, CIS, and BNM TRMF / CRM
  • Support the Compliance Manager with audits and regulatory inquiries involving IT controls
  • Develop and update IT security policies, SOPs, and playbooks
Cyber Risk Management & Security Assessment

  • Perform regular risk assessments of networks, systems, applications
  • Identify vulnerabilities, recommend mitigation strategies, and ensure preventive / corrective actions are implemented
  • Schedule and coordinate vulnerability scans and remediation cycles
  • Track open vulnerabilities and patching validation efforts & compliance across systems
  • Work closely with Vendors, Infrastructure, Software Engineering team to close critical security gaps
Security Operations, Application & Infrastructure Oversight

  • Manage and monitor firewalls (e.g., FortiGate, Palo Alto), IDS / IPS, WAF, DDoS protection, and endpoint protection tools (client, server & email)
  • Collaborate with infrastructure / network / software teams / SOC / NOC to secure VPNs, firewalls, and segmentation policies
  • Oversee secure configuration and patch management of physical servers, VMs, and cloud platforms
  • Implement secure configuration baselines for servers / virtualized servers, network & storage devices, databases, and applications
  • Monitor privileged access usage ensuring proper logging and account lifecycle reviews
  • Support secure SDLC practices in software development and deployment (for in-house apps, portals and mobile apps)
Access Control, Identity Management & Data Protection

  • Ensure robust Identity & Access Management (IAM) across systems: enforce access control policies, least privilege and role-based access
  • Manage multi-factor authentication (MFA) and privileged access for critical systems
  • Work with Stakeholders, HR and IT to enforce role-based access and employee lifecycle policies
  • Implement encryption, secure transmission, and backup protection policies
  • Periodically review user accounts, especially after employee offboarding
Incident Response & Threat Handling

  • Develop and lead incident response plans (IRP)
  • Act as the point-of-contact for all security breaches, incidents, and investigations
  • Conduct post-mortems, report findings, and implement learnings to improve resilience
Third-Party & Vendor Risk Management

  • Conduct due diligence on third-party vendors and ensure secure integration practices
  • Regularly review vendor SLAs and security certifications
  • Collaborate with IT, HR, Operations & Legal representatives to implement best practices
  • Review security and data protection related clauses in contracts and third-party agreements
  • Support communication with the PDP Commissioner Office (JPDP) and assist in audits
Training and Awareness

  • Work closely with the IT Compliance Manager to build a security-conscious culture throughout the organization; conduct security / cyber hygiene, data privacy and data handling awareness programs for employees and, where applicable, relevant departments and vendors
  • Maintain training records, materials and awareness results
Documentation & Audit Support

  • Where applicable, keep records of security logs, asset inventories, access review findings, and privacy compliance checklists
  • Assist with internal / external audit readiness, documentation, and evidence collection
  • Participate in client due diligence exercises, security questionnaires, and audits
What Will Help You Succeed

  • Excellent written and verbal communication skills for both technical and non-technical audiences
  • Analytical, critical thinking and risk assessment capabilities
  • Ability to interpret and translate regulatory requirements into business action with strong understanding of security, personal data handling and privacy obligations
  • Ability to educate, influence, and guide teams in adopting secure practices.
  • Ability to work independently and manage cross-functional stakeholders and clients
What We're Looking For

  • Bachelor's degree in Computer Science, Information Technology, or a related field
  • 15+ years in Information Security, Risk Management or Data Governance
  • Deep understanding of network security, VPN / IPSec, endpoint protection, log analysis, vulnerability scanning, and data protection.
  • Hands-on experience with firewalls (FortiGate, SonicWall, Palo Alto, etc.), SIEM tools, DLP, IAM (Identity and Access Management), virtualization, Veeam backup systems, and hybrid cloud security setups
  • Experience in a regulated environment (insurance, healthcare, finance) is strongly preferred
  • Familiarity with ISO 27001 or IT governance or relevant security frameworks is a plus
  • Certifications such as CISSP / CISM / CRISC / CISA are a plus
Why Join Us

At Mediexpress, you'll not only be part of a company that leads in healthcare services, but also one that values collaboration, growth, and innovation. We offer opportunities to learn, contribute, and make a meaningful impact in a supportive environment.
