Senior Risk Management Specialist (Cyber / IT Risk)

Role Overview
The Senior Risk Management Specialist is responsible for hands-on execution of IT and cyber risk activities. The role works closely with IT, Security, Audit, and business stakeholders to identify, assess, and manage technology risks in line with group standards.

This is an individual contributor role. The position does not involve people management and requires strong independence and ownership.

Key Responsibilities

  • Perform IT, cyber, and application risk assessments
  • Identify, assess, and document technology and security risks
  • Maintain and update risk registers, risk ratings, and mitigation plans
  • Support IT audit activities, including audit preparation, response, and remediation tracking
  • Review effectiveness of IT and application controls
  • Coordinate with IT, Security, Internal Audit, and business stakeholders
  • Prepare risk reports, dashboards, and management presentations
  • Support risk reviews, workshops, and governance forums
  • Ensure alignment with group risk policies, standards, and frameworks
  • Participate in incident analysis and post-event reviews when required

Key Competencies

  • Strong experience in IT Risk Management, Cyber Risk, or GRC
  • Hands-on exposure to application risk assessment and IT controls
  • Good understanding of IT audit processes
  • Strong stakeholder management, communication, and coordination skills
  • Able to translate technical risks into business-impact language
  • Comfortable working independently and managing multiple priorities
  • Structured, analytical, and detail-oriented
  • Able to work under pressure in a regional environment

Requirements

  • Bachelor’s Degree in Information Technology, Cyber Security, Risk Management, Computer Science, Engineering, or related discipline
  • 6 to 10 years of hands-on experience in IT Risk Management, Cyber Security Risk, Application Risk Assessment, or IT Audit / Technology Controls
  • Experience working in MNC or regional APAC environments is preferred
  • Familiarity with ISO 27001, ISO 31000, NIST, and COBIT frameworks
  • Exposure to GRC tools or structured risk platforms is an advantage
  • Professional certifications is a big plus, including CISA, CRISC, CISSP (risk or governance focus), ISO 27001 Lead Implementer or Lead Auditor, and CIA
  • Excellent communicator in English with strong interpersonal skills

Job Type: Contract (12 Months Renewable)
Job Location: Petaling Jaya

Apply for this position

Allowed Type(s): .pdf, .doc, .docx