About the job: Security Engineer

Job Responsibilities:

  • Support the maintenance and enhancement of the technology risk governance framework, including efforts to achieve relevant certifications.
  • Assist in ensuring compliance with Bank Negara Malaysia's RMiT policy and other applicable regulatory requirements.
  • Contribute to the development and periodic review of IT and cybersecurity risk appetite statements and governance strategies.
  • Provide oversight on governance practices and control measures related to technology and cybersecurity risks.
  • Assist in coordinating the Information Security Working Committee and other related governance forums.
  • Lead and perform periodic control and risk assessments, ensuring thorough coverage across all critical technology and cybersecurity areas.
  • Record, monitor, and report risk assessment outcomes, clearly communicating risk exposure and recommended actions to stakeholders.
  • Serve as the primary owner for open risk items, ensuring proper tracking, timely escalation, and effective remediation by responsible parties.
  • Develop and present key risk metrics and reports for management review.
  • Provide control assurance support, including facilitating risk assessments, managing deviations, and overseeing mitigation plans.
  • Support internal and external audit activities, including coordinating control assessments and ensuring regulatory compliance.
  • Perform third-party security risk assessments (TPSA) and contribute to supply chain risk management initiatives.
  • Monitor and follow up on audit findings to ensure timely resolution and closure.
  • Track external threat intelligence and escalate emerging risks when necessary.
  • Support the review, maintenance, and publication of information security policies, standards, and procedures.
  • Assist in the approval process and facilitate the training and communication of security policies and best practices.
  • Monitor adherence to cybersecurity policies and controls across the IT function.
  • Propose enhancements to policies and procedures to improve operational efficiency and ensure regulatory compliance.

Job Requirements:

  • Bachelor's degree, preferably in an IT discipline such as Computer Science, Computer Engineering, Information Systems, or a related field, or equivalent experience.
  • Minimum of 8 years of relevant experience in information and cybersecurity risk management, preferably within the financial services industry.
  • Possession of industry-recognized information security certifications (e.g., CISSP, CISA, CISM, CRISC, CGEIT) is an added advantage.
  • Excellent verbal and written communication skills in English, with the ability to engage effectively with both technical and non-technical senior stakeholders.
  • Strong listening, negotiation, and interpersonal skills.
  • Ability to work independently while also collaborating effectively as part of a team.
  • Solid understanding of technology and operations, including cloud environments.
  • Good knowledge of the insurance business domain and its key success factors.
  • Highly resourceful with strong attention to detail, and the ability to gather, analyze, and interpret data across multiple IT and business disciplines.
  • Strong conceptual and analytical thinking skills, with the ability to synthesize diverse information into meaningful risk insights and recommendations.
  • Knowledge of aligning IT risk responses with evolving business needs and regulatory requirements.
  • In-depth understanding of business risk, IT governance, enterprise risk management, information security, and local regulatory compliance requirements.
  • Ability to develop a comprehensive understanding of the insurance business, market, and industry, and apply this knowledge to identify operational and IT-related risks.