Responsibilities
- Assist in our security compliance programs, including ISO27001, ISO27701, PCI-DSS, SOC 2, etc.
- Participate in internal security and privacy assessments, internal and external audits, compliance certifications, and risk management
- Provide complete and accurate responses to internal and third-party enquiries on security compliance
- Perform security compliance assessment activities, including periodic technical, organizational, and third-party risk and control assessments, and managing remediation activities to completion
- Design the controls required to comply with international standards and local regulations
- Evaluate technical and organisational controls to ensure effectiveness and compliance, including managing the control remediation efforts
- Identify opportunities to reduce manual effort in control testing and audit readiness through scripting and compliance tooling.
- Drive the development and implementation of automation solutions to streamline compliance monitoring, evidence collection, and reporting processes.
Requirements
- Experience in information security compliance, security operations, technology risk management, or consultation-related roles.
- Experience with one or more of the following is preferred: conducting security control assessments, risk assessments or implementing security solutions.
- Experience with any of the following is preferred: ISO27001, ISO27701, SOC2, PCI DSS, cloud technologies, and data protection regulations and requirements.
- Holding security-related certifications/qualifications will be an advantage: CISSP, CRISC, CISM, CISA, ISO27001 LA, CIPT, CIPP/E, or other relevant certifications
- Minimum 3 / 5 years of hands-on experience in a fast-paced working environment. Candidates with less experience will be considered for a junior position.
- Experience leading compliance initiatives and working with auditors and/or external regulators
- A role combining regional support with a focus on advancing our automation initiatives
- Proven experience with compliance automation tools and techniques (e.g., GRC platforms, scripting, security orchestration, AI, MCP, AI Agent, Agentic RAG)
- Hands-on experience in implementing automated control testing or evidence gathering in cloud or hybrid environments
- Be a friendly team player with a positive attitude
- Demonstrate a strong commitment to personal learning and development
- Detail-minded with an analytical mindset
- Good communication skills with an ability to explain complex technical issues to non-technical business users
- Prior experience with project management