Senior Specialist, IT Security Policy & Compliance

Life at U Mobile We are Passionate, Innovative, Trustworthy, Team-Oriented & Fun-Loving.

At U Mobile, we are always on the lookout for great talents and passionate individuals to join our growing team. Let’s start your journey with an award-winning organization! #UnlimitingYourPotential

Top Reasons To Join Us • Awarded as the Most Preferred Graduate Employers (2022& 2023) & Gold Winner for Excellence in Workplace Culture (2021) • Comprehensive medical, dental, optical and insurance benefits • Flexi working hours arrangements • Staff Line & Device Subsidy • Smart Casual Attire • Child Parental Care Leave • Convenient location with access to public transport (Imbi Monorail/Bukit Bintang MRT) • Special employee discounts for selected F&B Brands

Job Responsibilities

1. Compliance Program Management: • Develop, implement, and manage an IT security compliance program to ensure adherence to applicable laws, regulations, and industry standards. • Stay abreast of changes in relevant compliance and regulatory requirements and update policies and procedures accordingly. • Conduct regular compliance assessments and audits to identify and address areas of non-compliance. • Coordinate and manage internal and external compliance audits. • Develop and maintain comprehensive GRC policies, standards, and procedures documentation. • Ensure that policies are communicated effectively throughout the organization, and provide guidance on compliance requirements.
2. Governance Framework: • Establish and maintain an effective IT security governance framework that defines the roles, responsibilities, and decision-making processes related to security and compliance requirements (e.g. PDPA, ISMS/ISO 27001, NIST, PCI DSS, RMIT). • Collaborate with key stakeholders to integrate security governance into overall corporate governance structures.
3. Risk Management: • Identify potential risks and threats to IT security, assess, and develop risk mitigation plans to prioritize IT Security risk. Work closely with the risk management team to identify and prioritize IT security risks. • Develop and implement risk mitigation strategies and controls to address identified risks
4. Compliance Reporting: • Prepare and deliver regular reports on the status of IT security compliance to executive leadership and relevant stakeholders. • Ensure that compliance metrics are tracked and reported accurately.
5. Training and Awareness: • Develop and deliver IT security compliance training programs to educate employees on their roles and responsibilities. • Foster a culture of awareness and compliance throughout the organization.