Job Description

1. Advice the Head of Information Security / Cyber Strategy and Governance in the development of all technology compliance policies.
2. Collaborate with project planning team to ensure that overall compliance with Celcom Information Security governance policies and guidelines is achieved in the areas of the Celcom Group IT, Telco Infrastructure and business solutions.
3. Assess, identify, select and use various compliance tools to facilitate and automate the compliance program monitoring progress (driving efficiency and effectiveness of compliance process via automation). Develop and update the security baselines for IT and Telco as and when required.
4. Act as SME in the periodic assessment of the company’s IT / Technology and relevant cyber regulatory compliance, and work with selected Cyber / IT and Technology Controls to document inherent and residual IT compliance risks.
5. Provide an advice in relation to the convergence of networks and systems from a technical, product and process perspective
6. Assist with the development and direct Cyber, IT and Technology controls monitoring programs to ensure overall IT / Technology compliance-related risks are managed to the appropriate level of acceptable residual risk.
7. Lead the Report the levels of overall compliance risk and control effectiveness to the Cyber Risk & Compliance Lead and Cyber Strategy & Governance Leads.
8. Develop and document root cause analysis for security incidents and control failures, including exception approvals and waivers.
9. Ability to provide complete and accurate Celcom Information Infrastructure security knowledge with emphasis on the data / information flows and data handling.
10. Contributes in preparing budgets for the solutions and provide inputs for the yearly organization budgets business plan
11. Protect company assets by helping to develop security strategies; directing system control development and access management, monitoring, control, and evaluation. Perform other duties as assigned.
12. Lead risk assessments of new Telco/IT equipment in Celcom environment and third parties as part of the Vendor Risk Management program
13. Lead various Celcom Information Security compliance and Risk Management initiatives.

Job Requirements

• ISO 27001 Implementer / Lead Auditor 
• CRISC (would be added advantage) 
• CISA / CISM/ CISSP (would be an advantage) 
• Good understanding of Information security related standards and best practices (these include ISO 27001, NIST, PDPA, PCI-DSS, Cybercrime act, CSA, IETF,TIA, ETSI etc.) 
• Good understanding of Cyber laws and Law enforcement requirements 
• Good Understanding of telecommunication operations, technologies and its related equipment. 

• At least 5 years of Information Risk Management 
• At least 3 Years in Information Security GRC 

Additional Info