Information and Network Security GRC Senior Specialist at Maxis

Kuala Lumpur, Kuala Lumpur, Malaysia -

Full Time

Start Date

Immediate

Expiry Date

30 Jan, 26

Salary

0.0

Posted On

01 Nov, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information Security, Risk Management, Compliance, ISO 27001, Third-Party Risk Management, Control Testing, Stakeholder Engagement, Communication Skills, Audit Management, Dashboarding, Cybersecurity, Incident Management, Regulatory Reporting, Metrics Development, Governance, Cyber Resilience

Industry

Telecommunications

Description

Are you ready to get ahead in your career? We want to empower you to turn your ambitions into achievements. We thrive in inclusiveness, diversity and embrace close collaborations for you to create impact for yourself and others. Together, we aim to bring the best of technology to help people, businesses and the nation to be ahead in a changing world. To realise our vision to become Malaysia’s leading converged solutions company, we are looking for a new talent to innovate and grow with us in a culture that values commitment, performance and possibilities. Why does this job exist and why is it critical? Job Summary The role oversees compliance and risk management across critical technology systems, ensuring alignment with internal standards (INS/CoP), ISO/IEC 27001, and regulatory requirements. Responsibilities include managing control baselines, third-party risk, and audit readiness; coordinating regulatory and board reporting; conducting control testing and assurance; and maintaining dashboards and key risk indicators for senior governance forums. What are you accountable for? 1.INS / CoP Compliance (NCII): Own the INS/CoP control baseline for critical systems across ISD and Telco Network; maintain the critical systems inventory, scope and control mapping; embed Technology & Cyber Risk Management and Cyber Resilience requirements into technical and procedural controls and SLAs. 2.Management, Regulatory & Board Reporting: Coordinate regulatory submissions (e.g., monthly/half‑yearly dashboards, incident notifications) and provide updates to senior governance bodies (e.g., TGC, ARC); track feedback and actions to closure. 3.ISO/IEC 27001 (ISMS) Governance: Act as control owner/co‑owner for applicable Annex A controls; maintain accurate SoA, risk treatment plans, audit evidence; support internal/external ISMS audits, surveillance, and certification activities. 4.Third‑Party Risk Management (TPRM): Run end‑to‑end TPRM: vendor tiering, security questionnaires, evidence review, risk scoring, contractual security clauses (Cybersecurity General Policy & Consequence Management), tracking, and escalations for non‑responsive or high‑risk vendors. Ensure subcontractors inherit Maxis security obligations. 5.Control Testing & Assurance: Plan and perform control testing, walk‑throughs and sampling for INS/CoP, PDP, ISO 27001, and TPRM controls; produce clear findings and risk‑based remediation plans with accountable owners and target dates. 6.Metrics, KRIs & Dashboards: Develop and maintain compliance dashboards/metrics (INS/CoP, PDP, ISO 27001, TPRM). Present KRIs/KPIs to management forum, Technology Governance Committee (TGC) and ARC; ensure single source of truth for audit/regulatory evidence. 7.Incident & Resilience Enablement: Advise on incident classification, regulatory notification criteria and evidence capture for ISD & Network; ensure playbooks and runbooks reflect INS/CoP expectations and resilience targets (RTO/MTD). What do you need to have to fit this role? Bachelor’s degree in Information Security, Computer Science, IT, Risk Management, or related field. Knowledge of INS/CoP, ISO/IEC 27001, and regulatory compliance frameworks. Experience in third-party risk management and vendor security assessments. Ability to manage audits, control testing, and remediation planning. Skilled in compliance reporting, dashboarding, and presenting KRIs/KPIs. Strong stakeholder engagement and communication skills. Relevant certifications (e.g., ISO 27001, CISA, CRISC, CISSP) are an advantage. What’s next? Once you’ve applied online, our team will carefully review your application. Due to a high volume of applications, we appreciate your patience to allow for a fair and timely review process. Should you be shortlisted for the role, we will send you an invitation via email for a digital interview. You can also check on your application status by logging into your candidate account. Maxis values diverse voices & people. We hire and reward our employees based on capability & performance — regardless of ethnicity, gender, age, education, religion, nationality or physical ability. Tomorrow Begins Today We are the leading integrated telco in Malaysia, connecting people and businesses to a world of possibilities. Tomorrow Begins Today, as we make aspiration achievable today with reliable connectivity and simple experiences. We deeply believe that the key element to our success has always been our people. Visit our careers page to learn more about #LifeAtMaxis. #SimplyMaxis Culture To realise our shared vision to be the leading integrated telco in Malaysia, we have embedded the language of commitment, performance, and possibilities to embody our culture values. Our #SimplyMaxis culture encompasses four values which are ‘Keep It Simple’, ‘Focus On Real Customer Needs’, ‘Go For Gold’, and ‘Celebrate Winning Together’. Watch these videos and hear from our people who live and breathe our #SimplyMaxis culture.

Responsibilities

The role oversees compliance and risk management across critical technology systems, ensuring alignment with internal standards and regulatory requirements. Responsibilities include managing control baselines, third-party risk, audit readiness, and maintaining dashboards for senior governance forums.