Job Description

You will support the Head of IT Security in driving governance, risk management, and cyber defence initiatives to safeguard Maybank's technology landscape.

Responsibilities:-

1. IT Security Assessments


Perform technical security assessments across infrastructure, applications, and cloud environments. Provide expert guidance on security architecture and cloud security best practices. Evaluate systems to ensure compliance with security requirements and industry standards.
2. IT Security Governance


Review and enforce IT security standards, procedures, and policies. Assess IT practices to ensure alignment with security frameworks and regulatory requirements. Maintain adherence of security processes and recommend improvements.
3. IT Security Technologies


Manage and operate various security tools and platforms, including but not limited to: Breach and Attack Simulation (BAS) Control Validation Tools Active Directory Security (AD) Endpoint Detection and Response (EDR) Data Loss Prevention (DLP) Network Detection and Response (NDR) Provide technical expertise on the deployment, integration, and optimisation of security solutions.
4. IT Security Program Management


Lead key security projects and initiatives from planning to execution. Act as the point of contact for security tool deployments and technology rollouts. Organise and execute cybersecurity exercises, including training and awareness programs for stakeholders. Ensure effective stakeholder engagement across departments.
5. Remediation Management


Lead critical remediation programs to strengthen the organisation's security posture. Plan, strategize, and implement corrective actions based on risk assessments and security findings. Collaborate with cross-functional teams to drive timely resolution of identified security gaps.

Requirements:

Bachelor's degree in a relevant field with at least 7 years of experience in IT security compliance and governance. Mandatory: CISSP certification Preferred: CISM, CISA, SANS, OSCP (highly regarded). Strong knowledge of IT security concepts, best practices, and regulatory requirements. Familiarity with the current cyber threat landscape, including Cyber Defence, MITRE ATT&CK, and threat-control mapping methods. Deep understanding of attack methodologies and defines strategies using IT security tools and products. Experience in secure systems development lifecycle (SDLC) assessments and security testing before deployment. Hands-on experience conducting cybersecurity assessments, gap analyses, and cyber drills. Ability to develop strategic security roadmaps and deliver comprehensive assessment reports with actionable recommendations. Extensive experience with certification and audit processes, including systems compliance best practices. Knowledge of application security and data analytics is an advantage. Strong communication and collaboration skills, with experience working in cross-functional teams.



Only shortlisted candidate will be notified.