Career Opportunities


Regional Information Security Analyst

Department IT Regional
Location Kuala Lumpur, Malaysia
Position Type Full-time

The Regional Security Analyst will be responsible for ensuring various sites within a geographic region comply with internal policies, various applicable industry standards, and international privacy laws. This role will assist in developing and improving the compliance program as a whole to ensure the company’s security strategy is in line with the business and reduces security risks simultaneously. The Regional Information Security Analyst will work with the US Information Security team in identifying risks-related internal processes or technologies and suggesting control improvements, incident response, and security event monitoring.

Essential duties & responsibilities
Essential duties and responsibilities include the following (other duties may be assigned):
Work with multiple departments inside IT and the business to select and implement controls to meet security requirements and reduce risk.
Perform assessments, reviews, investigations, and other processes to assess compliance, ensure security best practice is followed and security controls are implemented effectively.
Assist with the maintenance and improvement of the internal security framework per business requirements and risk tolerance.
Perform risk assessments on internal processes and technology, and maintain a risk register.
Ensure PCI DSS requirements are effectively implemented and helps gather documented evidence for annual third-party PCI assessments.
Analyze, prioritize, and document security vulnerabilities as part of the risk assessment process.
Assist with the analysis and response to security-related requests and daily operation task related to content filtering, spam filtering, malware protection, SIEM, and vulnerability scanning.
Assist with the creation of security reports for technical teams and management indicating security maturity, compliance and risk, and tactical and strategic mitigation plans.
Participate in security-related projects with other members of security or IT teams.
Assist with the analysis and prioritization of security vulnerability remediation.
Promote security awareness and education.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
5 years of information security experience, or 10 years of direct IT and information security experience.
CISSP, CISA, CISM, or GIAC certification in good standing or equivalent work experience.
Basic understanding of PCI DSS requirements.
Basic understanding international privacy laws.
Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
Ability to perform risk, business impact, control and vulnerability assessments.
Basic, high-level understanding of network and server infrastructure, and security technologies used in a large enterprise. This should include knowledge of best security practice for various technologies.
Ability to identify and evaluate risk potential and define solutions that balance cost, impact, and company performance against that risk.
Security-mindset with the ability to think about how weakness in a system or process could be exploited by a bad actor.
Technical knowledge with respect to security of Microsoft Windows server/desktop and Linux operating systems.
Understanding of security best practice relating to network infrastructure, including routers, switches, firewalls, and the associated network protocols and concepts.
Excellent verbal and written English skills required.
Technical networking or system administration experience is a big plus.

To perform the job successfully, this individual should demonstrate the following competencies:
Attitude – Demonstrate a positive “can do” attitude; show motivation; must be goal oriented and a self-starter; be “solution-minded” rather than “problem-minded”.
Work Ethics – Must be dedicated, responsible, hard-working, and a team player.
Oral Communication – Able to speak clearly with customers and employees in all situations; listen and get clarification; respond well to questions; demonstrate positive response to others.
Written Communication – Able to write clearly and informatively; edit work for spelling and grammar errors; vary writing style to meet needs; able to read and interpret written information.
Professionalism – Approach others in a tactful manner; react well under pressure; treat others with respect and consideration, regardless of their status or position; accept responsibility for own actions; follow through on commitments.
Safety and Security – Observe safety and security procedures; determine appropriate action beyond guidelines; report potentially unsafe conditions; use equipment and materials properly.
Attendance, Punctuality, Dependability – Be consistently at work and on time; ensure work responsibilities are covered when absent; arrive at meetings and appointments on time, follow instructions, respond to management direction; take responsibility for own actions; keep commitments; commit to long hours of work when necessary to reach goals.
For interested and qualified applicants, please submit your CV with a cover letter by clicking on the APPLY FOR THIS POSITION button. Please indicate clearly the position being applied for in the email. We will contact shortlisted applicants in due time. Thank you in advance for your time and interest.