Information Security Risk Analyst (3055)
Kuala Lumpur, Federal Territory of Kuala Lumpur, Malaysia
GBG
About GBG
GBG offers a range of solutions that help organisations quickly validate and verify the identity and location of their customers. Our market-leading technology, data and expertise help our customers improve digital access, deliver a seamless experience and establish trust, so that they can transact quickly, safely and securely with their customers online. We have over 1,000 team members across 15 countries and work with over 20,000 customers in over 70 countries. Some of the world's best-known businesses rely on GBG to provide digital services and keep the economy moving.
The role
GBG’s Information Security team are accountable for GBG’s overall security posture, including all aspects of the Information Security Management System: security architecture, framework and standards compliance, security training, supply chain risk management, operational security and information security risk management.
You will be responsible for implementing GBG’s Information Security Management System in accordance with relevant best practice frameworks and ensuring compliance with corporate policy across the group. As part of these activities, you will be a security champion, helping to embed security as a natural part of the fabric of the business globally. You will also be responsible for the management and maintenance of GBG’s information security certifications and supporting ongoing internal and external audit activities.
What you will do
- Support the development, maintenance, and delivery of GBG’s ISMS and policies, procedures and standards.
- Deliver and monitor information security training and awareness activities.
- Support all internal audit activities and ensure corrective action plans are developed and implemented, in collaboration with Information Security Risk Analysts.
- Support ongoing certification audit activities (ISO 27001, PCI DSS, Cyber Essentials).
- Liaise with external certification bodies and auditors to ensure all audits are properly planned, resourced, and executed with minimal disruption to the business.
- Respond to Requests for Information (RFI) from GBG’s customers and external stakeholders.
- Support 3rd party due diligence and risk assessment of GBG’s suppliers and partners.
- Ensure the implementation of GBG’s continuous improvement process.
To help you be successful, we're looking for
Skills
- A background in technology and information security is essential
- Experience of implementation of security policy, process and procedure within a technology focussed organisation is essential
- Experience of common information security management frameworks and standards, such as ISO2700X, COBIT, PCI-DSS, CPS 234 and National Institute of Standards and Technology (NIST).
- Experience of the certification process and audit participation (ISO 27001, SOC 2, PCI DSS)
- A working knowledge of relevant data protection legislation (DPA, GDPR).
- Strong analytical skills to analyse security requirements and relate them to appropriate security controls.
- Strong ICT skills including familiarity with Microsoft Office365 product suite.
- Excellent document writing skills and the ability to present and articulate complex data in a clear and intuitive way are essential.
What’s in it for you?
We have a vision to have the best and most engaged team members in the industry. People matter at GBG, they make us who we are. Every team member across all our locations makes a difference, everyone has something to contribute. Maybe you too could make a difference.
As part of our commitment to our team and flexible working approach, we have created a Work When and Where You Want Policy to give our team members choice and empowerment, and to support a balance in work and home life. Please ask your Talent Attraction Specialist for more information on this and our Family Friendly policy if you want to find out more!
Next steps
If you’re interested, please apply! We’re looking to hire the best and most engaged people into our business and we’ll make an offer once we’ve found that person.
As an equal opportunity employer, we are committed to providing fair opportunities for everyone regardless of age, gender, race, religion, sexual orientation, parental status or disability. Everybody is welcome and our inclusion and diversity programme, be/yourself, is designed to ensure that you can thrive. Please inform your GBG Talent Attraction Specialist if you require any reasonable adjustments to the interview process.
Tags: Audits COBIT Compliance GDPR ISMS ISO 27001 NIST PCI DSS Risk assessment Risk management SOC 2
Perks/benefits: Flex hours