
Specialist, IT Governance & Compliance
- Malaysia
- Permanent
- Full-time
Job Summary
The Specialist, IT Governance and Compliance is responsible for establishing and maintaining a framework to ensure that IT systems and processes support the organization's business objectives, comply with regulatory requirements, and manage risk effectively. This role will lead the development and enforcement of IT policies, standards, and procedures, and ensure alignment with industry best practices and frameworks such as ISO 27001, NIST CSF, COBIT, PCI DSS, MCMC INSG, PDPA, etc.
Job Responsibilities
- Develop, implement, and maintain IT governance frameworks, policies, and procedures.
- Ensure compliance with internal policies, external regulations, and industry standards (e.g., GDPR, ISO 27001, NIST, PCI-DSS, PDPA).
- Lead IT risk assessments and audits; identify gaps and oversee remediation efforts.
- Collaborate with internal stakeholders to ensure IT controls are embedded in business processes.
- Monitor and report on compliance metrics and risk indicators to senior management.
- Manage third-party risk assessments and vendor compliance reviews.
- Support incident response and business continuity planning from a governance perspective.
- Stay current with regulatory changes and emerging risks in the IT landscape.
Job Requirements
- Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or related field.
- 7+ years of experience in IT governance, risk management, or compliance roles.
- Professional certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor.
- Experience in regulated industries (e.g., telco, finance, healthcare).
- Familiarity with cloud compliance (AWS, Azure, GCP).
- Project management experience (PMP or equivalent is a plus).
- Strong knowledge of IT frameworks (NIST CSF, COBIT, ITIL) and regulatory standards.
- Experience with audit processes and tools (e.g., GRC platforms).
- Excellent communication, leadership, and stakeholder management skills.