Information and Network Security GRC Senior Specialist

Information and Network Security GRC Senior Specialist

Maxis Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia

Why does this job exist and why is it critical?

The role oversees compliance and risk management across critical technology systems, ensuring alignment with internal standards (INS / CoP), ISO / IEC 27001, and regulatory requirements. Responsibilities include managing control baselines, third‑party risk, and audit readiness; coordinating regulatory and board reporting; conducting control testing and assurance; and maintaining dashboards and key risk indicators for senior governance forums.

What are you accountable for?

• INS / CoP Compliance (NCII) : Own the INS / CoP control baseline for critical systems across ISD and Telco Network; maintain the critical systems inventory, scope and control mapping; embed Technology & Cyber Risk Management and Cyber Resilience requirements into technical and procedural controls and SLAs.
• Management, Regulatory & Board Reporting : Coordinate regulatory submissions (e.g., monthly / half‑yearly dashboards, incident notifications) and provide updates to senior governance bodies (e.g., TGC, ARC); track feedback and actions to closure.
• ISO / IEC 27001 (ISMS) Governance : Act as control owner / co‑owner for applicable Annex A controls; maintain accurate SoA, risk treatment plans, audit evidence; support internal / external ISMS audits, surveillance, and certification activities.
• Third‑Party Risk Management (TPRM) : Run end‑to‑end TPRM : vendor tiering, security questionnaires, evidence review, risk scoring, contractual security clauses (Cybersecurity General Policy & Consequence Management), tracking, and escalations for non‑responsive or high‑risk vendors. Ensure subcontractors inherit Maxis security obligations.
• Control Testing & Assurance : Plan and perform control testing, walk‑throughs and sampling for INS / CoP, PDP, ISO 27001, and TPRM controls; produce clear findings and risk‑based remediation plans with accountable owners and target dates.
• Metrics, KRIs & Dashboards : Develop and maintain compliance dashboards / metrics (INS / CoP, PDP, ISO 27001, TPRM). Present KRIs / KPIs to management forum, Technology Governance Committee (TGC) and ARC; ensure single source of truth for audit / regulatory evidence.
• Incident & Resilience Enablement : Advise on incident classification, regulatory notification criteria and evidence capture for ISD & Network; ensure playbooks and runbooks reflect INS / CoP expectations and resilience targets (RTO / MTD).

What do you need to have to fit this role?

What’s next?

Maxis values diverse voices & people. We hire and reward our employees based on capability & performance — regardless of ethnicity, gender, age, education, religion, nationality or physical ability.

Seniority level

Mid‑Senior level

Employment type

Full-time

Job function

Information Technology

Industries

IT Services and IT Consulting, Telecommunications, and Business Consulting and Services

#J-18808-Ljbffr