Summary

We are partnering with a Fintech firm, in search of Lead, Technology Risk & Governance to lead and oversee business security governance across their Asia operations. This role focuses on ensuring compliance with ISO 27001, PCI DSS, managing security risks and implementing Governance, Risk, and Compliance (GRC) tools and processes.

Responsibilities:

• Lead business security governance across Asia operations, ensuring alignment with policies and the local’s regulatory standards.
• Ensure compliance with ISO 27001 and PCI DSS and support other certifications
• Act as a Subject Matter Expert (SME) for risk mitigation strategies, certifications and the maintenance of ongoing security and regulatory requirements
• Conduct risk assessments, audits, and support accreditation efforts for both internal and outsourced activities
• Be the main contact point of external audit activities
• Develop and maintain the Security Management System (SMS)
• Collaborate with business leaders to deploy security frameworks and controls
• Lead investigations into security incidents and provide actionable reports to management
• Monitor and advise on cloud security, including AWS, Azure, GCP, Kubernetes, serverless technologies, and data protection practices
• Utilize GRC tools (Grafana, Kibana, Power BI) to manage and report on security posture

Requirements:

• Bachelor’s degree in IT or a related field.
• A minimum of 8 years of experience in IT Security, Data Protection, Governance, Risk Management or Audit
• Preferred certifications: CISSP, CISA, CISM
• Strong knowledge of IT and OT security, cloud security and data protection
• Knowledge of COBIT, ISO 27001 and GRC platforms

If this sounds like the role for you, please submit your resume to sewyee.gan@techstaffing.my, stating the job title. We regret that only shortlisted candidates will be notified, but we look forward to connecting if another opportunity arises.