Principal Engineer, Cybersecurity and Compliance
RM 6,000 - RM 7,999 / Per Mon
Job description

Responsibilities and Job Duties

1. Governance
Develop, implement, maintain, and enforce robust cyber security policies and procedures aligned with regulatory requirements.
Develop and maintain a comprehensive security incident response plan to address security breaches and data leaks promptly.
Stay informed about emerging cyber security threats and trends and proactively address them.
Collaborate with senior management to ensure cyber security is integrated into the organization's overall risk management framework.

2. Risk Management
Conduct regular risk assessments to identify vulnerabilities and threats and implement effective risk mitigation strategies.
Identify, assess, and mitigate cyber security risks through regular risk assessments and vulnerability scans.

3. Security Operations
Monitor alerts raised by the SOC team and respond to security threats.
Investigate anomalous activity, follow up with appropriate parties, and report on findings.
Implement robust monitoring and detection systems to identify and respond to potential threats and attacks.
Manage user access privileges, conduct user and role access reviews, and implement strong authentication and authorization mechanisms.
Ensure timely application of security patches and updates to mitigate vulnerabilities.

4. Data Protection
Implement and manage measures to classify data based on sensitivity and implement appropriate protection measures.
Implement and manage measures to encrypt sensitive data both at rest and in transit to protect against unauthorized access.
Implement measures to prevent unauthorized data exfiltration.

5. Compliance and Awareness
Ensure compliance with relevant cyber security regulations and industry standards (e.g., PayNet NBP Rules, PCI DSS).
Conduct regular audits and reviews to assess the effectiveness of cyber security controls.
Work with legal teams to address legal and regulatory issues related to cyber security.
Act as main personnel in engaging with external audit (NBP System Audit, Cyber Resilience, RMiT).
Conduct regular security awareness training programs to educate employees about cyber security best practices.

6. Technology and Infrastructure
Define controls in implementation of network security measures, such as firewalls, intrusion detection systems, and VPNs.
Conduct regular vulnerability assessments and penetration testing to identify weaknesses in the security infrastructure.
Implement measures to prevent malware infections.
Oversee the implementation and maintenance of security technologies and tools, including firewalls, intrusion detection systems, cloud portals, internal web applications, and all other Safeguards CS management portals.

7. Incident Response and Recovery
Lead security incident response and recovery efforts, including coordinating with relevant teams, containing threats, and minimizing damage.
Conduct post-incident reviews to identify lessons learned and improve future response.
Develop and maintain a robust security incident response plan.

8. Vendor Management
Manage relationships with third-party security vendors and service providers.
Evaluate and select security solutions based on organizational needs and budget constraints.
Negotiate contracts and ensure compliance with vendor agreements.

9. Reporting and Communication
Provide reports to senior management on the organization's cyber security posture.
Communicate effectively with technical and non-technical stakeholders.
Develop and deliver presentations on cyber security topics to various audiences.

Job Type: Full-time
Pay: RM6,000.00 - RM8,000.00 per month