About Setel:
The Future of Mobility
Introduced in July 2018, Setel is a mobile platform that aims to delight customers by innovating for better, inclusive mobility. Setel serves customers across Malaysia by powering one app as the constant companion to ease motorists’ journey across fueling, parking, EV charging, motor insurance, road tax, auto assistance, general purchases, and more across an ecosystem of PETRONAS petrol stations, retail partners, and online merchants.
Role Purpose:
The Senior Lead, Cybersecurity Governance, Risk & Compliance (GRC) establishes and manages Setel’s cybersecurity governance framework, standards, guidelines and policies, alongside managing cyber risk and ensuring the compliance of Setel and its extended ecosystem to identify cybersecurity statutory, regulatory and organizational requirements, to ensure that cyber risk is managed within the risk appetite set by the Setel Board of Directors.
In this role you will:
- Develop, deploy and maintain key cybersecurity policies, frameworks, standards, governance, rules and procedures that establish the fundamental cybersecurity controls required to secure the Setel organization in compliance with statutory and regulatory requirements (e.g. from Bank Negara Malaysia) and organizational governance (e.g. PETRONAS), to ensure standardization of cyber risk management practices in safeguarding Setel’s assets.
- Determine the need for new or changed policies, standards, guidelines, controls and governance in response to changes in technology, business landscape, risk appetite, threat landscape and regulatory environment, to ensure Setel remains compliant to the evolving cybersecurity ecosystem and to minimize exposure to the constantly changing threat landscape.
- Design and manage the implementation of cybersecurity-related governance and compliance exercises to ensure Setel remains compliant to statutory and regulatory requirements as well as organizational governance in an efficient and effective manner.
- Act as the custodian of Setel’s cybersecurity governance, policy and ‘fit for purpose’ control framework and any related guidance (e.g. from regulatory requirements) to provide guidance and proper intervention for queries related to cybersecurity that may arise across any of Setel’s business operations.
- Drive the implementation of Setel’s cyber risk management processes through the review of ongoing cybersecurity business impact and risk assessments and the progress monitoring of risk mitigation plans to ensure risk controls are effective and efficient both in design and in mitigating the impact of risk.
- Identify, review and assess new risks through compliance, vulnerability management and threat intelligence sources/exercises and propose corresponding mitigation plans with related internal and external stakeholders to ensure all corrective measures/controls are in place to safeguard Setel’s assets and operations.
- Manage relationships and processes with key internal assurance stakeholders including Enterprise Risk Management, Compliance and Governance to act as primary focal point related to cyber assurance coordination and data reporting in the overarching management of compliance and audit exercises related to cybersecurity.
- Cover the tasks of other Leads (as and when necessary), and collaborate with both internal stakeholders and external third parties in ensuring the delivery of cyber initiatives and the compliance with requirements.
You're a great fit if you have:
- Bachelor’s Degree; Computer Science, Computer, Information Technology or Telecommunication Engineering degrees preferred.
- Other degrees may be accepted if accompanied by internationally-recognized cybersecurity certifications in risk management, e.g. CRISC (Certified in Risk and Information Systems Control), CGRC (Certified in Governance, Risk and Compliance) or equivalent.
- 8-10 years of experience in information security in the Financial Services industry.
- Experience in developing and deploying cybersecurity governance, guidelines & risks.
- Experience with security & privacy standards and regulations such as BNM’s RMiT, PCI DSS, NIST.
- Capable of making sense of complex, high quantity and sometimes contradictory information to effectively solve cybersecurity problems.
- Practiced and applied understanding of regulatory and technical trends, competitive dynamics and company capabilities in a constantly evolving environment.
Technical/Functional Skills
- Cybersecurity governance and compliance
- Risk management
- Regulator and industrial requirements
- Incident response protocols
- Crisis management
- Cyber drill/red-team/table-top exercises
- Network
- Cloud
- Endpoints
- Applications
- Data
- Identity & Access
- AI
Leadership/Behavioral Skills
- Confidentiality: Ability to handle sensitive information with confidentiality.
- Analytical Thinking
- Business Development
- Decision Making and Judgement
- Effective Communication
What Makes Working With Us Awesome
- Our people and culture: You will get to work with awesome and friendly colleagues with whom you can expect to collaborate well to deliver your work. Empowerment is given and you will get a lot of opportunities for peer-learning.
- Availability of tools and applications: You will be provided with different tools to facilitate your work. Automate your work whenever possible so that you can focus on delivering impact for your role.
- Development focused: Your learning and growth matter most to us. We are people centric and always ready to help our people to define what they want to make an impact on and craft their learning plan accordingly.
Cool Perks/Benefits
- Hybrid working arrangement; Flexible working hours.
- Relax and unwind at the leisure area with video games, board games, books, and more.
- Wear your favourite jeans, or any cool OOTD so that you can work comfortably (in style).
- Coffee, tea, or snacks are available for consumption at the pantry. Because you’ll be happier with a full tummy.
- A healthy body leads to a brilliant mind. Let’s get moving with the inter-company sports team.
- There will be workshops, talent shows, sport activities, and other events for sharing and bonding.
Personal Data Protection
Setel Ventures Sdn Bhd (“Setel”, “we”, “our”, “us”) is committed to protecting and respecting your privacy. This Setel privacy statement (“Privacy Statement”) explains what personal data we collect about you, when and why we collect it, how we use it, the conditions under which we may disclose it to others, your rights to your personal data and how we keep it secure. This Privacy Statement covers both our online and offline collection activities, including personal data that we collect through online platforms such as websites, applications, third party social networks or our online and physical events, or through other third parties that we work with. Please read this Privacy Statement carefully to understand our views and practices regarding your personal data.