Deskripsi Pekerjaan
Silverstreet is seeking a highly skilled and detail-oriented Information Security Specialist specializing in Governance, Risk, and Compliance (GRC) to join our global security team in Kuala Lumpur. As a leader in the mobile communications industry, we handle vast amounts of sensitive data, making our commitment to security and regulatory compliance a top priority for our international enterprise clients.
In this role, you will be the driving force behind our security readiness, ensuring that Silverstreet not only meets but exceeds global standards. You will navigate the complexities of ISO 27001, SOC2, and APRA standards such as CPS230 and CPS234. This position is ideal for a compliance expert who enjoys the intersection of technical security controls and strategic business alignment. You will work closely with stakeholders across the organization to bridge the gap between technical implementation and regulatory requirements.
Beyond standard compliance maintenance, you will play a critical role in our business development lifecycle by managing ad-hoc Request for Information (RFI) workflows. Your ability to articulate our security posture to global enterprise partners will be instrumental in fostering trust and securing high-value partnerships. If you are looking for a role where your GRC expertise directly contributes to global operational excellence, Silverstreet offers a dynamic environment to grow your career.
Tanggung Jawab
- Develop, maintain, and enhance the Information Security Management System (ISMS) to ensure alignment with ISO 27001 and SOC2 standards.
- Lead the organization’s compliance efforts regarding APRA CPS230 and CPS234 requirements for financial services readiness.
- Manage and respond to security-related RFIs and vendor risk assessment questionnaires from enterprise-level global clients.
- Conduct regular internal security audits, risk assessments, and gap analyses to identify areas for improvement.
- Draft, implement, and review security policies and procedures to ensure they remain relevant to the evolving threat landscape.
- Coordinate with technical teams to ensure that security controls are effectively implemented and monitored.
- Provide expert guidance to management on regulatory changes and emerging compliance requirements in the ICT sector.
Kualifikasi
- At least 3-5 years of professional experience in GRC, Information Security, or IT Audit.
- Strong working knowledge of international security frameworks, specifically ISO 27001 and SOC2.
- Prior experience dealing with Australian regulatory standards (CPS230/CPS234) is highly preferred.
- Proven ability to manage complex RFI/RFP processes and security documentation for enterprise clients.
- Relevant industry certifications such as CISA, CISM, CRISC, or CISSP.
- Exceptional analytical skills with the ability to translate technical concepts into clear compliance documentation.
- Strong communication and stakeholder management skills, with the ability to work effectively in a global team.