Title: Head / Executive Vice President, Information Security Officer
Company: PRASARANA MALAYSIA BERHAD
Location: Petaling Jaya, Selangor, Malaysia
JOB PURPOSE
Responsible for developing and implementing an information security program that protects the organisation’s digital assets, infrastructure, and data. Leads efforts to identify, assess, and mitigate cybersecurity risks, ensure compliance with regulatory requirements, and foster a culture of security awareness across the organisation.
This role requires a strategic thinker with strong leadership skills and deep expertise in cybersecurity.
KEY ACCOUNTABILITIES
1. Strategic Leadership:
Develop and execute a comprehensive information security strategy aligned with organizational goals.
Provide leadership and guidance to the cybersecurity team and stakeholders across the organization.
Advise the executive team and board of directors on cybersecurity risks and mitigation strategies.
2. Risk Management:
Identify, assess, and prioritize cybersecurity risks to the organization.
Implement risk management frameworks and processes to mitigate vulnerabilities.
Monitor emerging threats and adapt security measures accordingly.
3. Security Operations:
Oversee the design, implementation, and management of security technologies, including firewalls, intrusion detection/prevention systems, encryption, and endpoint protection.
Manage incident response plans and lead investigations into security breaches or incidents.
Ensure continuous monitoring and improvement of the organization’s security posture.
4. Compliance and Governance:
Ensure compliance with relevant regulations, standards, and frameworks (e.g., PDPA, GDPR, HIPAA, ISO 27001, NIST, PCI-DSS).
Develop and enforce security policies, procedures, and standards.
Conduct regular audits and assessments to ensure adherence to security requirements.
5. Awareness and Training:
Promote a culture of security awareness through training programs and communication initiatives.
Educate employees on cybersecurity best practices and their role in protecting organizational assets.
6. Team Management & Collaboration:
Build and lead an information security team, including security analysts, engineers, and compliance specialists.
Collaborate with IT, legal, compliance, and business units to ensure security requirements are met.
Establish partnerships with external vendors, law enforcement, and security organizations.
7. Vendor and Third-Party Management:
Evaluate and manage the security posture of third-party vendors and partners.
Ensure contracts and agreements include appropriate security requirements.
8. Budget and Resource Management:
Develop and manage the cybersecurity budget.
Allocate resources effectively to support security initiatives and projects.
QUALIFICATIONS & EXPERIENCE
Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field.
Advanced degree (e.g., MBA, MS) or relevant certifications (e.g., CISSP, CISM, CISA, CRISC) preferred.
Minimum of 10 years of experience in information security, with at least 5 years in a leadership role.
Proven track record of developing and implementing enterprise-wide cybersecurity programs.
Experience in managing security operations, incident response, and risk management.
SKILLS AND COMPETENCIES
Deep knowledge of cybersecurity frameworks, standards, and best practices.
Experience in cloud security, DevSecOps, and emerging technologies such as AI-driven security.
Strong understanding of regulatory requirements and compliance.
Knowledge of industry-specific security challenges (transportation and government).
Ability to work in a fast-paced environment and manage multiple priorities effectively.
Excellent leadership, communication, and interpersonal skills.
Ability to think strategically and translate vision into actionable plans.
Strong analytical and problem-solving skills.