About Setel:
The Future of Mobility
Introduced in July 2018, Setel is a mobile platform that aims to delight customers by innovating for better, inclusive mobility. Setel serves customers across Malaysia by powering one app as the constant companion to ease motorists’ journey across fueling, parking, EV charging, motor insurance, road tax, auto assistance, general purchases, and more across an ecosystem of PETRONAS petrol stations, retail partners, and online merchants.
Role Purpose:
The Senior Executive, Cybersecurity GRC supports the organization’s cybersecurity governance, risk, and compliance initiatives by assisting in the implementation of cybersecurity frameworks, regulatory compliance activities, risk assessments, control assurance, audit coordination, and remediation tracking to strengthen the company’s overall cyber resilience and technology risk posture.
In this role you will:
Governance
- Support the development, review, and maintenance of cybersecurity and technology risk policies, standards, procedures, guidelines, and control requirements.
- Assist in implementing and maintaining the Technology Risk Management Framework, Cyber Resilience Framework and related governance documents.
- Support the alignment of cybersecurity governance practices with BNM requirements, PCI-DSS, NIST CSF and internal risk appetite.
- Prepare input for management and board reporting, cyber risk dashboards, and regulatory progress updates.
Risk
- Assist in conducting cybersecurity and technology risk assessments for systems, applications, infrastructure, cloud services, SaaS platforms, third parties, and business initiatives.
- Maintain and update the cybersecurity and technology risk register.
- Track remediation actions and follow up with control owners to ensure timely closure of identified risks, audit findings, regulatory gaps, and assessment observations.
- Support Cybersecurity Business Impact Assessment and Business Risk Assessment activities, including asset prioritization, criticality assessment, control assessment, and impact analysis.
- Support third-party risk assessments for vendors including cloud service providers, SaaS platforms, payment service providers, and other critical outsourcing arrangements.
- Assist in reviewing third-party security documents such as ISO/IEC 27001 certificates, SOC reports, PCI-DSS attestations, penetration test summaries, incident history and data protection controls.
Compliance
- Support ongoing compliance with applicable BNM policy requirements, Paynet, PCI-DSS, and other relevant regulatory or industry standards.
- Assist in performing compliance gap assessments and maintaining compliance trackers, evidence repositories, regulatory obligation registers, and remediation status updates.
- Assist in coordinating audit, regulatory review, internal assurance, and PCI-DSS assessment activities, including evidence collection, stakeholder follow-up, walkthrough preparation, and issue tracking.
- Support PCI-DSS continuous compliance monitoring, including control ownership, evidence readiness, periodic reviews, and remediation of control gaps.
- Maintain documentation to support regulatory compliance, including policies, procedures, risk assessments, control testing evidence, committee updates, and approval records.
- Assist in coordinating cybersecurity control assurance activities, including access reviews, SOC monitoring governance, incident response readiness, phishing awareness, cyber drill follow-ups, and security exception reviews.
- Support validation of remediation evidence for cybersecurity findings, control gaps, and audit observations.
- Track recurring cybersecurity control activities such as user access reviews, vendor reassessments, policy reviews, risk reviews, PCI-DSS evidence refresh and cyber awareness activities.
You're a great fit if you have:
- 3–6 years of experience in cybersecurity, IT risk, GRC, audit or compliance (regulated environment preferred).
- Working knowledge of BNM RMiT, PCI-DSS or similar frameworks. Knowledge in NIST and ISO27001 is an added advantage.
- Exposure to regulated environments, financial services, fintech, payment services, or cloud-based technology environments is preferred.
- Strong documentation, analytical, coordination, and stakeholder management skills.
- Ability to maintain trackers, dashboards, risk registers, evidence repositories, management updates, and remediation status reports.
- Good understanding of cybersecurity governance, risk assessment, compliance monitoring, control testing, audit coordination, and remediation tracking.
- Degree in IT, Information Security, Cybersecurity, Computer Science or related field (certifications such as CISSP, CCSP, CISM, CRISC, ISO 27001 are an added advantage).
What Makes Working With Us Awesome
- Our people and culture: You will get to work with awesome and friendly colleagues with whom you can expect to collaborate well to deliver your work. Empowerment is given and you will get a lot of opportunities for peer-learning.
- Availability of tools and applications: You will be provided with different tools to facilitate your work. Automate your work whenever possible so that you can focus on delivering impact for your role.
- Development focused: Your learning and growth matter most to us. We are people centric and always ready to help our people to define what they want to make an impact on and craft their learning plan accordingly.
Cool Perks/Benefits
- Hybrid working arrangement; Flexible working hours.
- Relax and unwind at the leisure area with video games, board games, books, and more.
- Wear your favourite jeans, or any cool OOTD so that you can work comfortably (in style).
- Coffee, tea, or snacks are available for consumption at the pantry. Because you’ll be happier with a full tummy.
- A healthy body leads to a brilliant mind. Let’s get moving with the inter-company sports team.
- There will be workshops, talent shows, sport activities, and other events for sharing and bonding.
Personal Data Protection
Setel Ventures Sdn Bhd (“Setel”, “we”, “our”, “us”) is committed to protecting and respecting your privacy. This Setel privacy statement (“Privacy Statement”) explains what personal data we collect about you, when and why we collect it, how we use it, the conditions under which we may disclose it to others, your rights to your personal data and how we keep it secure. This Privacy Statement covers both our online and offline collection activities, including personal data that we collect through online platforms such as websites, applications, third party social networks or our online and physical events, or through other third parties that we work with. Please read this Privacy Statement carefully to understand our views and practices regarding your personal data.