Job description
We are looking for a highly motivated and experienced Information Security & Cloud Compliance Specialist to lead our organization's journey towards ISO/IEC 27001 certification and strengthen our overall cloud and internal IT security posture. This role will be pivotal in building and maintaining our Information Security Management System (ISMS), managing IT asset governance, and addressing client security compliance requirements.
You will also be responsible for guiding and supervising a junior executive, who will support the implementation and daily management of our internal controls.
Key Responsibilities
1. ISO/IEC 27001 Implementation & Governance
- Lead the planning and execution of ISO/IEC 27001 implementation across the organization
- Conduct risk assessments, gap analyses, and drive remediation efforts
- Develop and maintain ISMS policies, procedures, and documentation
- Coordinate with internal teams to implement and monitor security controls
- Prepare for internal audits and manage external certification activities
2. Cloud Security & Governance
- Define and implement security controls across cloud platforms (e.g., Alibaba Cloud, Google Cloud Platform)
- Perform cloud configuration reviews, identity and access management checks, and vulnerability assessments
- Work with DevOps/Infra teams to enforce secure cloud deployment practices
- Monitor cloud environments for potential threats and respond to security incidents
3. Internal IT & Asset Security
- Establish and maintain an IT asset inventory (hardware, software, digital assets) in line with ISO 27001 controls
- Define policies for asset ownership, classification, labelling, and acceptable use
- Ensure internal systems such as Active Directory are securely configured and maintained
- Collaborate with internal IT support to implement and monitor endpoint and network security
4. Client Security Compliance & Support
- Act as the primary point of contact for client security reviews and due diligence requests
- Respond to RFPs, vendor security questionnaires, and client audits
- Provide documentation and assurance aligned with ISO 27001, PDPA, and other industry frameworks
5. Security Monitoring & Incident Response
- Develop and maintain incident response plans, including investigation, reporting, and corrective actions
- Monitor security events and coordinate incident response activities with internal teams
- Maintain security logs, reports, and metrics for audits and continual improvement
6. Team Leadership
- Supervise and mentor a junior executive supporting policy enforcement, documentation, and control tracking
- Assign and review tasks to ensure quality and timeliness of ISMS initiatives
- Promote a culture of security awareness across the organization
Qualifications
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related discipline
- At least 3 years of hands-on experience in IT security, cloud security, or compliance-related roles
- Proven experience in ISO/IEC 27001 implementation or audits
- Familiarity with cloud security practices on platforms like Alibaba Cloud or GCP
- Knowledge of IT asset management processes and internal IT control frameworks
- Good understanding of Malaysian regulations such as PDPA and industry data protection standards
- Excellent interpersonal and communication skills; able to work across business and technical teams
- Able to work independently and take initiative in a fast-paced environment
Bonus
- Certification in ISO 27001 Lead Implementer, CompTIA Security+, CISSP, or Cloud Security Certifications
- Experience with SIEM tools, cloud monitoring, or security automation
- Familiarity with IT service management tools (e.g., Jira, ServiceNow)
- Basic scripting/automation knowledge (e.g., Python, Bash)
Job Type: Full-time
Pay: RM8,000.00 - RM10,000.00 per month
Benefits:
- Opportunities for promotion
- Professional development
Schedule:
- Monday to Friday
Experience:
- Information Security & Cloud Compliance Specialist: 3 years (Required)
Language:
- Mandarin (Required)
Location:
- Petaling Jaya (Required)
Work Location: In person