Mandarin Speaking Information Security & Cloud Compliance Officer

Key Responsibilities

1.ISO/IEC 27001 Implementation & Governance

• Lead the planning and execution of ISO/IEC 27001 implementation across the organization
• Conduct risk assessments, gap analyses, and drive remediation efforts
• Develop and maintain ISMS policies, procedures, and documentation
• Coordinate with internal teams to implement and monitor security controls
• Prepare for internal audits and manage external certification activities

2.Cloud Security & Governance

• Define and implement security controls across cloud platforms (e.g., Alibaba Cloud, Google Cloud Platform)
• Perform cloud configuration reviews, identity and access management checks, and vulnerability assessments
• Work with DevOps/Infra teams to enforce secure cloud deployment practices
• Monitor cloud environments for potential threats and respond to security incidents

3.Internal IT & Asset Security

• Establish and maintain an IT asset inventory (hardware, software, digital assets) in line with ISO 27001 controls
• Define policies for asset ownership, classification, labelling, and acceptable use
• Ensure internal systems such as Active Directory are securely configured and maintained
• Collaborate with internal IT support to implement and monitor endpoint and network security

4.Client Security Compliance & Support

• Act as the primary point of contact for client security reviews and due diligence requests
• Respond to RFPs, vendor security questionnaires, and client audits
• Provide documentation and assurance aligned with ISO 27001, PDPA, and other industry frameworks

5.Security Monitoring & Incident Response

• Develop and maintain incident response plans, including investigation, reporting, and corrective actions
• Monitor security events and coordinate incident response activities with internal teams
• Maintain security logs, reports, and metrics for audits and continual improvement

6.Team Leadership

• Supervise and mentor a junior executive supporting policy enforcement, documentation, and control tracking
• Assign and review tasks to ensure quality and timeliness of ISMS initiatives
• Promote a culture of security awareness across the organization

Qualifications

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related discipline
• At least 3 years of hands-on experience in IT security, cloud security, or compliance-related roles
• Proven experience in ISO/IEC 27001 implementation or audits
• Familiarity with cloud security practices on platforms like Alibaba Cloud or GCP
• Knowledge of IT asset management processes and internal IT control frameworks
• Good understanding of Malaysian regulations such as PDPA and industry data protection standards
• Excellent interpersonal and communication skills; able to work across business and technical teams
• Able to work independently and take initiative in a fast-paced environment

Bonus

• Certification in ISO 27001 Lead Implementer, CompTIA Security+, CISSP, or Cloud Security Certifications
• Experience with SIEM tools, cloud monitoring, or security automation
• Familiarity with IT service management tools (e.g., Jira, ServiceNow)
• Basic scripting/automation knowledge (e.g., Python, Bash)

Job Type: Full-time

Pay: From RM9,000.00 per year

Education:

• Bachelor's (Required)

Experience:

• IT security, cloud security, related background: 3 years (Required)

Work Location: In person