Information Security Auditor
Job Summary
- Developing, maintaining and managing the gap and maturity assessments with all organisation’s operations, combining efforts into a single security control measurement and ensuring compliance with regulatory requirements, industry standards and overall Risk Management requirements. The incumbent will ensure effective controls are in place and support all activities necessary to enable the organisation to respond to business disruption.
Job Description
- Lead the internal information security audit.
- Perform gap and maturity assessments between security processes and client operations against recognised global frameworks (e.g. ISO 27001, COBIT, NIST CSF, VPDSF, PSPF, ISM,BNM,SIRIM,External Audit)
- Prepare audit reports (with fieldwork auditors) in accordance with gaps and assessment findings.
- Manage and adjust the IT audit plans based on the changing IT controls, risk posture, and/or business priority
- Constantly develop consulting skills in a range of technology services, such as IT security strategy, governance, sourcing, risk and resilience.
- Build strong audit relationships with key IT Management via regular interaction so as to be informed of emerging risk issues and other key changes for assigned locations and BUs
- Work with management to ensure controls are embedded in processes and operating procedures and adequately mitigate process risks, taking into consideration internal and external best practices. The Successful Applicant • Degree in Computer Science / Information Technology / Cybersecurity or related discipline • IT auditing: CISA preferred, alternatives may be acceptable.
- Lead/facilitate discussion of issues and remedial action plans with the appropriate levels of management.
- Follow up on outstanding audit issues and monitor the timely completion of agreed remedial actions by management.
- Supporting the senior leadership team with proposals, business and practice development.
- Proactively contribute to the development of the team through coaching, training and providing timely feedback to junior staff. • Take the initiative in improving yourself through classroom and on-the-job training.
- Lead other responsibilities and duties periodically assigned by the Head of Security in order to meet operational and/or other requirements.
Job Requirements
- University graduate in IT or Computer Science or equivalent
- Minimum 3-5 years of working experience in IT audit, Information Security and/or other relevant experience, preferably with regional experience • Certified Information Systems Auditor (CISA) / Certified Information Security Manager (CISM) with strong understanding in IT controls and risks • Excellent command of both oral and written English
- Information security, risk, IT, governance and/or business analysis background with some exposure to relevant ISO/IEC, NIST, BNM's RMiT and other standards • Knowledge in network security and cybersecurity is essential.
- Proven experience in IT infrastructure, Cybersecurity, system development processes and/or other business continuity management
- Good analytical, interpersonal and influencing skills • Solid problem-solving skills, ability to analyse complex data, identify core issues, investigate, evaluate and reach appropriate conclusions • Ability to direct and drive multiple engagements simultaneously
- Knowledge and experience in Cloud Computing are an advantage.
- Experience in the life insurance business or financial services industry is a definite advantage
- Energetic, result-oriented, ability to work under pressure and self-motivated
Job Types: Full-time, Contract
Contract length: 12 months
Salary: RM7,000.00 - RM9,000.00 per month
Schedule:
- Monday to Friday
Ability to commute/relocate:
- Bangsar South: Reliably commute or planning to relocate before starting work (Required)
Education:
- Bachelor's (Required)
Experience:
- IT audit, Information Security: 3 years (Required)
License/Certification:
- Certified Information Systems Auditor (CISA (Required)
Willingness to travel:
- 75% (Required)
Application Deadline: 05/20/2023
