Assistant Manager (Cybersecurity and Compliance)

Responsibilities:

Cybersecurity Governance:

• Develop, implement, and review cybersecurity policies, standards, and procedures in alignment with organizational needs and national frameworks (e.g., CSA, IM8).
  Drive awareness and training programmes to embed a culture of cybersecurity across the organisation.
• Provide guidance to business units on secure practices and policy adherence.

Cybersecurity Risk Management

• Conduct regular risk assessments on IT systems, operational technologies, and supply chain processes to identify vulnerabilities and threats.
• Assess the cyber security risk of third-party vendors with an appropriate level of detail;
• Identify controls to address gaps in third party vendor relationships; Monitor the implementation of controls
• Establish risk registers, recommend mitigation strategies, and track remediation activities.
• Monitor emerging cybersecurity risks, particularly those affecting logistics, warehousing, and transportation systems
• •Liaise with the application project team on Penetration test findings closure and improvement; track finding and ensure timeliness closure.
• •Ensure Cyber risk register are kept up to date and risk are calculated accurately.

Cybersecurity Compliance and Audit 

• Ensure compliance with regulatory requirements (e.g., PDPA, Cybersecurity Act, MAS TRM) and global standards (ISO 27001, NIST).
• Coordinate and support internal/external audits and customer security assessments.
• Maintain and update compliance documentation, audit evidence, and reports.
• Conduct assurance reviews to validate governance adherence and expected outcomes.
• Collaborate with technology and business teams to automate compliance checks and audit processes.
• Assess third-party vendor cybersecurity risks, define and monitor controls, and track remediation.
• Oversee security operations service provider in managing cybersecurity incidents and operations.
• Support deployment of cybersecurity solutions and assist in resolving security-related issues.
• Monitor, detect, and ensure timely remediation of cyber threats, risks, and vulnerabilities.
• Stay current with emerging threats, technologies, and industry best practices; recommend controls and solutions.
• Plan, conduct, and oversee vulnerability assessments and penetration testing, ensuring timely closure of findings.

Incident Preparedness & Reporting

• Support the development and testing of cybersecurity incident response and business continuity plans.
• Ensure governance and compliance aspects are addressed during incident investigations and post-mortems.
• Report cybersecurity metrics and compliance status to senior management and relevant committees.

Requirements:

• Degree/Diploma in Cybersecurity, Information Security, Computer Science, or a related discipline.
• CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent.
• 5-8 years of experience of relevant cybersecurity experience, with at least 2–3 years in governance, risk, and compliance functions.
• Proficient in MS Office Applications / Microsoft Power Platform Applications and social media platforms
• Basic understanding of cybersecurity principles and best practices