We are Malaysia's leading Credit Reporting Agency (CRA) and we are aggressively expanding our business, and looking for dynamic, driven and motivated individuals to join our team. Our Direct-To-Consumer segment (D2C), is one of our fastest growing product areas in the market, with an abundance of expansion plans and innovative ideas on hand.Develop and maintain a comprehensive incident response plan, including policies, procedures, and guidelines to effectively manage and respond to security incidents.Oversee the incident response process, ensuring timely detection, analysis, containment, eradication, and recovery from security incidents.Coordinate cross-functional teams during incident response efforts, facilitating communication and information sharing among stakeholders to support effective decision-making and response actions.Establish and maintain an incident response team, providing training, guidance, and support to ensure their readiness to respond to security incidents.Plan and coordinate regular incident response simulations such as tabletop exercises, cyber drills, red teaming or cyber range practices.Develop and implement incident response and recovery strategies, leveraging industry best practices, threat intelligence, and lessons learned from previous incidents.Create and maintain documentation related to incident response efforts, including incident reports, lessons learned, and post-incident reviews.Provide regular updates to senior management and relevant committees on incident response activities, trends, and improvement initiatives.Collaborate with internal and external stakeholders to share incident response best practices, threat intelligence, and lessons learned, fostering a culture of continuous improvement.Continuously assess the organization's incident response capabilities and recommend improvements to enhance preparedness and resilience.Bachelor's degree in Computer Science, Computer Engineering, Information Security, Risk Management, or a related field; relevant advanced degree or certifications such as CISA, CRISC, or CISSP are highly desirable.A minimum of 5 years of experience in third-party risk management, GRC, or a related field, with a strong understanding of regulatory requirements, industry standards, and best practices.Proven experience in developing and implementing third-party risk management and GRC programs in a complex organizational environment.Strong analytical, problem-solving, and decision-making skills, with the ability to assess risks and develop appropriate mitigation strategies.Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and influence stakeholders at all levels of the organization.Demonstrated leadership skills, with a track record of managing projects and driving results in a fast-paced, dynamic environment.Proficiency in GRC and risk management tools and technologies.Proficiency in incident response and security tools and technologies.Employment Type: PermanentSpoken Language: Malay, EnglishWritten Language: Malay, English