No more applications are being accepted for this job
- Provide consultancy on GRC and implementation of GRC solutions such as Archer for clients as a team member as well as a team leader. This includes identification of good practices for GRC leading to technically feasible and user-friendly deliverables and communicating these to clients' staff.
- Provide configuration and support expertise on GRC solutions e.g. Archer GRC.
- Provide consultancy on Information Security / IT Security engagements for clients as a team member as well as a team leader.
- Provide consultancy expertise on technical and process aspects of IT security solutions such as Data Loss Prevention ("DLP"), Identity and Access Management ("IAM"), Privileged Access Management ("PAM"), cloud security, cyber security architecture, tools and solutions for security automation (continuous monitoring, risk assessments, testing).
- Provide consultancy on Information Security Management Systems ("ISMS") or ISO 27001, Business Continuity Management / IT Disaster Recovery Management or ISO 22301 / ISO 27301, Data Loss Prevention ("DLP"), Identify and Access Management ("IAM"), Privileged Access Management ("PAM"), cloud security.
- Provide consultancy on cyber security risks and developing security standards, procedures, and controls to manage cyber security risks.
- Help in conduct of training on GRC / Information Security / IT Security solutions when required.
- Gain understanding of key customer issues and help create proposals as required.
- Build your own knowledge and competency in cyber security and gain alignment and understanding of at least one industry.
- Lead and manage teams when required, prioritize responsibilities and tasks to deliver quality and timely results and coach & motivate employees working as part of the team.
- This position requires working closely with internal staff from across the affiliated entities and lines of service.
- Key relationships will be with the CTO, Directors, Senior Managers and other team members within the company
- Delivery targets.
- Quality of Deliverables.
- Quality of feedback from client.
- Full adherence to internal firm policies.
- Documentation on knowledge repository kept up-to-date
- Degree in any discipline and/or MBA from a recognized institution; IT Degree preferred.
- GRC Certifications are preferred:
- RSA Archer Certified Administrator
- RSA Archer Certified Associate
- OneTrust Certified GRC Professional
- Must have at least one of the following certifications e.g. GRC Certifications, CISSP, CCSP, SSCP, GSLC, GISP, CISM, CRISC, CGEIT, CISA, CCSK, CEH, CCNA, ISO 27001 Lead Auditor, etc.
- Must have good overall understanding of GRC and Information Security roles and activities.
- Must be able to evaluate security risks and develop security policies, standards, procedures, and controls to manage risks.
- Must be able to develop reporting metrics, dashboards, and evidence artifacts.
- Consultancy and configuration of GRC and implementation of GRC solutions such as Archer for clients as a team member as well as a team leader.
- Providing support on the configuration of GRC solutions e.g. Archer GRC.
- Must have a good understanding and experience of at least one information security & regulatory standards/ frameworks; e.g. ISO/IEC 27001, COBIT, ITIL, PCI-DSS, NIST Cyber Security Framework, RMiT, etc
- Good technical knowledge in at least two of the following areas:
- Data Security, Privacy, Classification and Data Loss Protection.
- IT Disaster Recovery Planning and Business Continuity Management.
- Network security architecture, management and controls including firewall, routers, IPS etc.
- Threat Intelligence & Advanced Persistent Threats ("APT").
- Security Strategy and Roadmaps.
- Security Policy, Standard and Framework.
- Information Security Management Systems.
- Log Management and SIEM.
- Identity and access management solutions and implementation.
- Cloud security.
- At least eight years of working experience in GRC / Information Security / IT Security and / or industry knowledge is preferred
- Must have experience in evaluating risks and developing security standards, procedures, and controls to manage risks.
- Must have experience in developing reporting metrics, dashboards, and evidence artifacts.
- Must have experience in providing consultancy on GRC and implementation of GRC solutions such as Archer for clients as a team member as well as a team leader. This includes identification of good practices for GRC leading to technically feasible and user-friendly deliverables and communicating these to clients' staff.
- Experience in configuration and support on GRC solutions e.g. Archer GRC.
- Experience in consultancy on technical and process aspects of IT security solutions such as DLP, IAM,PAM, cloud security, cyber security architecture, tools and solutions for security automation (continuous monitoring, risk assessments, testing) is preferred.
- Experience in delivering a security engagement such as projects in GRC / ISMS / BCP / IT DR / DLP is preferred.
- Experience in a particular industry is preferred, such as telecom, financial services, government etc.
- Strong problem-solving ability.
- Ability to learn on the fly.
- Good written and verbal communication skills
- Good interpersonal skills.
- Strong customer focus and client service.
- Ability to work with a team.
- Ability to develop self and others.
- Ability to devote the time required to deliver projects and build own capabilities
Manager or Senior Consultant – Governance, Risk, and Compliance - Kuala Lumpur, Malaysia - MVC Resources
Description
Working Arrangement: HybridThe company seeks bright and talented individuals with strong GRC backgrounds and a desire to provide GRC consulting for clients in various industries. Team members are provided the opportunity to enhance their skills in the areas of GRC, Information and IT Security, technical competency in IT security, business development, client service and people development.
Key Responsibilities: