Talent.com
Tawaran kerja ini tidak tersedia di negara anda.
IT Security & Data Governance Manager

IT Security & Data Governance Manager

MediExpressSubang Jaya, Selangor, Malaysia
5 jam yang lalu
Penerangan pekerjaan

Overview

At Mediexpress (M) Sdn Bhd, we’re proud to be one of Malaysia’s leaders in managed healthcare services and part of a global Japanese multinational group. We believe in making healthcare services simpler, smarter, and more effective — and we know it takes great people to make that happen.

What You’ll Be Doing

To safeguard sensitve data ensuring regulatory compliance and protecting IT systems & infrastructure from evolving cybersecurity threats and responsible for the strategic & operational oversight of the organization's cybersecurity posture, data protection governance, and compliance with regulatory frameworks such as PDPA, ISO 27001, and BNM guidelines (RMiT & BCM). This role also assumes the responsibility of the Data Protection Officer (DPO) under the Personal Data Protection Act 2010 (PDPA), ensuring the confidentiality, integrity, and availability of sensitive information assets. This is a mid-level to senior role that blends technical, strategic and leadership responsibilities.

Information Security Management

  • Lead the planning, development, and implementation of the IT security strategy aligned with business objectives
  • Oversee technical security controls, policies, and guidelines across IT systems, applications, and infrastructure
  • Ensure threat intelligence, vulnerability management, and incident response procedures are in place and well maintained
  • Collaborate with Infrastructure, Application, and Compliance teams on secure architecture and configuration

Data Protection & DPO Responsibilities

  • Act as the appointed Data Protection Officer (DPO) under PDPA 2010
  • Monitor compliance with data protection regulations and internal policies
  • Coordinate with departments on personal data processing risk assessments, DPIAs, and consent management practices
  • Handle data breach response coordination, including regulatory notifications and investigations
  • Drive IT risk management activities, including IT / cyber risk assessments, internal audits, and mitigation plans
  • Maintain and enhance alignment with frameworks such as ISO / IEC 27001, NIST, CIS, and BNM TRMF / CRM
  • Support the Compliance Manager with audits and regulatory inquiries involving IT controls
  • Develop and update IT security policies, SOPs, and playbooks

    • Cyber Risk Management & Security Assessment

  • Perform regular risk assessments of networks, systems, applications
  • Identify vulnerabilities, recommend mitigation strategies, and ensure preventive / corrective actions are implemented
  • Schedule and coordinate vulnerability scans and remediation cycles
  • Track open vulnerabilities and patching validation efforts & compliance across systems
  • Work closely with Vendors, Infrastructure, Software Engineering team to close critical security gaps

    • Security Operations, Application & Infrastructure Oversight

  • Manage and monitor firewalls (e.g., Fortigate, Palo Alto), IDS / IPS, WAF, DDOS, Endpoint protection tools (Client, Server & Email)
  • Collaborate with infrastructure / network / software teams / SOC / NOC to secure VPNs, firewalls, and segmentation policies
  • Oversee secure configuration and patch management of physical servers, VMs, and cloud platforms
  • Implement secure configuration baselines for servers / virtualized servers, network & storage devices, databases, and applications
  • Monitor privileged access usage ensuring proper logging and account lifecycle reviews
  • Support secure SDLC practices in software development and deployment (for in-house apps, portals and mobile apps)

    • Access Control, Identity Management & Data Protection

  • Ensure robust Identity & Access Management (IAM) across systems : enforcing access control policies, ensuring least privilege and role-based access
  • Managing multi-factor authentication (MFA) and privileged access for critical systems
  • Work with Stakeholders, HR and IT to enforce role-based access and employee lifecycle policies
  • Implement encryption, secure transmission, and backup protection policies
  • Periodic review of user accounts, especially after employee offboarding

    • Incident Response & Threat Handling

  • Develop and lead incident response plans (IRP)
  • Act as the point-of-contact for all security breaches, incidents, and investigations
  • Conduct post-mortems, report findings, and implement learnings to improve resilience

    • Third-Party & Vendor Risk Management

  • Conduct due diligence on third-party vendors and ensure secure integration practices
  • Regularly review vendor SLAs and security certifications
  • Collaborate with IT, HR, Operations & Legal representatives to implement best practices
  • Review security and data protection related clauses in contracts and third-party agreements
  • Support communication with the PDP Commissioner Office (JPDP) and assist in audits

    • Training and Awareness

  • Work closely with IT Compliance Manager to build a security-conscious culture throughout the organization, conduct security / cyber hygiene, data privacy and handling awareness programs for employees and / or relevant departments and vendors where applicable
  • Maintain training records, materials and awareness results

    • Documentation & Audit Support

  • Where applicable, keep records of security logs, asset inventories, access review findings, and privacy compliance checklists
  • Assist with internal / external audit readiness, documentation, and evidence collection
  • Participate in client due diligence exercises, security questionnaires, and audits

    • What Will Help You Succeed

  • Excellent written and verbal communication skills for both technical and non-technical audiences
  • Analytical, critical thinking and risk assessment capabilities
  • Ability to interpret and translate regulatory requirements into business action with strong understanding of security, personal data handling and privacy obligations
  • Ability to educate, influence, and guide teams in adopting secure practices.
  • Ability to work independently and manage cross-functional stakeholders and clients

    • What We’re Looking For

  • Bachelor\'s degree in computer science, Information Technology, or related field
  • 15+ years in Information Security, Risk Management or Data Governance
  • Deep understanding of network security, VPN / IPSec, endpoint protection, log analysis, vulnerability scanning, and data protection.
  • Hands-on experience with firewalls (Fortigate, SonicWall, Palo Alto, etc), SIEM tools, DLP, IAM (Identity and Access Management), Virtualization, Veeam backup systems, and hybrid cloud security setups
  • Experience in a regulated environment (insurance, healthcare, finance) is strongly preferred
  • Familiarity with ISO 27001 or IT governance or relevant security frameworks is a plus
  • Certifications in CISSP / CISM / CRISC / CISA is a plus

    • Why Join Us

    At Mediexpress, you’ll not only be part of a company that leads in healthcare services, but also one that values collaboration, growth, and innovation. We offer opportunities to learn, contribute, and make a meaningful impact in a supportive environment.

    #J-18808-Ljbffr

    Buat amaran kerja untuk carian ini

    Manager It • Subang Jaya, Selangor, Malaysia

    Pekerjaan yang berkaitan
    • Dinaikkan pangkat
    IT Security & Compliance Manager (PCI-DSS / ISO 27001)

    IT Security & Compliance Manager (PCI-DSS / ISO 27001)

    EPS MalaysiaKuala Lumpur, Kuala Lumpur, Malaysia
    IT Security & Compliance Manager (PCI-DSS / ISO 27001).Working hour : Mon-Fri, 9am-6pm (WFH once confirmed).Industry : IT Consulting Solutions. Manage operational IT Security for a high availability f...Tunjukkan lagiKemas kini terakhir: 1 hari yang lalu
    • Dinaikkan pangkat
    • Baharu!
    IT Security & Compliance (GRC)

    IT Security & Compliance (GRC)

    RandstadKuala Lumpur, Kuala Lumpur, Malaysia
    A multinational company with a 50+ year legacy in the enterprise software space.Specializes in integration, API management, Internet of Things (IoT), analytics, and business process management.Ensu...Tunjukkan lagiKemas kini terakhir: 5 jam yang lalu
    • Dinaikkan pangkat
    • Baharu!
    Datacenter Manager

    Datacenter Manager

    MIGSO-PCUBEDKuala Lumpur, Kuala Lumpur, Malaysia
    Finance & Human Resource Officer at MI-GSO | PCUBED.Lead project execution & alignment with timelines and objectives.Manage cadence, risk, issue tracking, and executive reporting.Conduct cybersecur...Tunjukkan lagiKemas kini terakhir: 5 jam yang lalu
    • Dinaikkan pangkat
    IT Risks Manager, Risks & Controls, (Permanent) M / F

    IT Risks Manager, Risks & Controls, (Permanent) M / F

    CACEIS-GruppePutrajaya, Putrajaya, Malaysia
    IT Risks Manager, Risks & Controls, (Permanent) M / F.Types of Jobs - Risk Management / Control.IT Risks Manager, Risks & Controls, (Permanent) M / F. CACEIS Malaysia has been a cornerstone of asset ser...Tunjukkan lagiKemas kini terakhir: 4 hari yang lalu
    • Dinaikkan pangkat
    Senior, IT & Cyber Security Controls

    Senior, IT & Cyber Security Controls

    GXBankPetaling Jaya, Selangor, Malaysia
    Senior, IT & Cyber Security Controls.GX Bank Berhad - the Grab-led Digital Bank - is the FIRST digital bank in Malaysia, approved by BNM to commence operations. We aim to leverage technology and inn...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    Manager - IT Security

    Manager - IT Security

    GREAT EASTERNKuala Lumpur, Kuala Lumpur, Malaysia
    As Manager of IT Security, the role is pivotal in safeguarding organization information technology environment.The job exists to ensure organization digital world presence remains safe and resilien...Tunjukkan lagiKemas kini terakhir: 4 hari yang lalu
    • Dinaikkan pangkat
    Analyst, IT Security -1

    Analyst, IT Security -1

    Prudential Services AsiaKuala Lumpur, Kuala Lumpur, Malaysia
    Prudential’s purpose is to be partners for every life and protectors for every future.Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion as...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu
    • Dinaikkan pangkat
    IT Security Analyst

    IT Security Analyst

    Petron MalaysiaKuala Lumpur, Kuala Lumpur, Malaysia
    Petron Malaysia is an emerging and rapidly evolving Asian oil company.It is part of Petron Corporation which is the leading oil company in the Philippines. Our integrated refining, distribution, and...Tunjukkan lagiKemas kini terakhir: 4 hari yang lalu
    • Dinaikkan pangkat
    Senior IT Security Officer

    Senior IT Security Officer

    Protecthealth CorporationSepang, Selangor, Malaysia
    As a Senior IT Security Officer, you will play a critical role in safeguarding the organisation’s information assets and digital infrastructure. You will be responsible for planning, implementing, a...Tunjukkan lagiKemas kini terakhir: 1 hari yang lalu
    • Dinaikkan pangkat
    • Baharu!
    Senior Manager IT Security & Risk

    Senior Manager IT Security & Risk

    QL Corporate Services Sdn BhdSelangorMalaysia, Selangor, Malaysia
    Work withstakeholdersto resolvecomputer security incidents andvulnerability compliance.Provide advice andinputfor Disaster Recovery,Contingency, and Continuity of Operations Plans.To have an indepe...Tunjukkan lagiKemas kini terakhir: 5 jam yang lalu
    • Dinaikkan pangkat
    • Baharu!
    Information Security Governance & Compliance Lead

    Information Security Governance & Compliance Lead

    Pacific Comnet (M) Sdn BhdKuala Lumpur, Kuala Lumpur, Malaysia
    Information Security Governance & Compliance Lead.Certification & Compliance Governance.Oversee Pacific Internet’s ISO27001 : 2022 certification program and surveillance audits.Govern Acclivis’ trans...Tunjukkan lagiKemas kini terakhir: 5 jam yang lalu
    • Dinaikkan pangkat
    • Baharu!
    IT Configuration Management Governance Manager

    IT Configuration Management Governance Manager

    BATKuala Lumpur, Kuala Lumpur, Malaysia
    IT Configuration Management Governance Manager at BAT, Kuala Lumpur area.Asset Management / CMDB Strategy & Governance : Maintain and evolve the BAT Asset Management / CMDB strategy aligned with ITIL an...Tunjukkan lagiKemas kini terakhir: 5 jam yang lalu
    • Dinaikkan pangkat
    • Baharu!
    IT Configuration Management Governance Manager

    IT Configuration Management Governance Manager

    The British American Tobacco GroupKuala Lumpur, Kuala Lumpur, Malaysia
    BAT is evolving at pace into a global multi-category business.Our purpose is to create A Better Tomorrow™ by Building a Smokeless World. To achieve our ambition, we are looking for colleagues who ar...Tunjukkan lagiKemas kini terakhir: 5 jam yang lalu
    • Dinaikkan pangkat
    • Baharu!
    Senior IT Security

    Senior IT Security

    Raffcomm Sdn BhdKuala Lumpur, Kuala Lumpur, Malaysia
    Oversee and implement comprehensive security strategies across RAFFTECH’s IT infrastructure, encompassing both cloud-based and on-premise environments. Lead the monitoring and management of security...Tunjukkan lagiKemas kini terakhir: 5 jam yang lalu
    Global Governance, Risk & Compliance Manager

    Global Governance, Risk & Compliance Manager

    PeopleLake GroupKuala Lumpur, Kuala Lumpur, MY
    A global technology leader providing IT Solutions such as Geoscience Software & Data Analytics Services, High-Performance Computing as a Service as well as IT Security – dealing with data sovereign...Tunjukkan lagiKemas kini terakhir: 13 hari yang lalu
    • Dinaikkan pangkat
    IT Security Analyst

    IT Security Analyst

    Petron Malaysia Refining & Marketing BhdKuala Lumpur, Kuala Lumpur, Malaysia
    Petron Malaysia is an emerging and rapidly evolving Asian oil company.It is part of Petron Corporation which is the leading oil company in the Philippines. Our integrated refining, distribution, and...Tunjukkan lagiKemas kini terakhir: 9 hari yang lalu
    • Dinaikkan pangkat
    • Baharu!
    IT Security Analyst

    IT Security Analyst

    Petron CorporationPetaling Jaya, Selangor, Malaysia
    Petron Malaysia is an emerging and rapidly evolving Asian oil company.It is part of Petron Corporation which is the leading oil company in the Philippines. Our integrated refining, distribution, and...Tunjukkan lagiKemas kini terakhir: 5 jam yang lalu
    • Dinaikkan pangkat
    Information Security Digital Data Reviewer

    Information Security Digital Data Reviewer

    Accenture Southeast AsiaKuala Lumpur, Kuala Lumpur, Malaysia
    Information Security Digital Data Reviewer role at Accenture Southeast Asia.This position focuses on reviewing content related to apps that pose security risks to users. Identify security violations...Tunjukkan lagiKemas kini terakhir: 30+ hari yang lalu