Cybersecurity Risk Specialist

Job Description

The Cybersecurity Risk Specialist is responsible for executing the organization’s cybersecurity risk management strategy, overseeing the cybersecurity risk acceptance process and supporting tools, conducting enterprise-wide cybersecurity maturity assessments, and evaluating third-party cybersecurity risks. This role is critical in maintaining the organization’s cyber risk posture, enhancing risk governance, and supporting data-driven, risk-informed decision-making by senior management and the Board. The specialist also plays a key role in ensuring compliance with internal policies and regulatory requirements while driving continuous improvement in cybersecurity risk practices.

Responsibilities

• Perform in-depth assessments of both existing and emerging cybersecurity risks affecting internal systems, applications, and infrastructure, ensuring alignment with the enterprise risk management framework and compliance standards adopted by Celcomdigi
• Monitor and maintain the Cybersecurity Risk Register, tracking mitigation strategies, treatment plans, and control effectiveness to ensure timely remediation of the identified risks.
• Produce periodic cybersecurity risk reports for senior management and Board Risk Committee, highlighting key risk trends, evolving threat landscapes, and significant changes in risk ratings requiring executive attention.
• Manage Cybersecurity Risk Acceptance process, including the evaluation of non-compliance exceptions and documentation of informed business decisions to accept residual risks.
• Facilitate enterprise-wide awareness initiatives to strengthen understanding and adoption of cybersecurity risk acceptance process across business and technical stakeholders.
• Champion the automation and digitalisation of risk management and risk acceptance workflows by enhancing GRC platforms and tools (e.g., ServiceNow, Power Apps).
• Conduct enterprise-wide Cybersecurity Maturity Assessments to evaluate current state, identify gaps, and support roadmap development for improved cyber resilience
  
  

Requirements

• Bachelor's degree in Cybersecurity, Risk Management, Information Technology, or a related field.
• Minimum 3–5 years of experience in cybersecurity risk management, GRC, or related functions.
• Strong understanding of cybersecurity frameworks and regulatory standards (e.g., ISO 27001, NIST CSF, ).
• Experience using GRC Tool and workflow platforms e.g ServiceNow, .
• Demonstrated ability to communicate cybersecurity risks clearly to technical and non-technical stakeholders, including senior management.
• Strong analytical skills, attention to detail, and stakeholder engagement capability.
• Preferred certifications: CRISC, CISA, CISSP, or ISO 27001 Lead Auditor/Implementer.
  
  

Next Steps

Thank you for taking the first step towards joining our team at CelcomDigi! After submitting your application, our Talent Acquisition team will review your CV and reach out to shortlisted candidates to guide you through the next steps, including a pre-screening conversation, interviews and or assessments.

At CelcomDigi, we aspire to be Malaysia’s leading telco-tech company — the nation’s digital growth engine — powering transformation through 5G, AI, and innovation that impacts over 20 million customers. Here, your role goes beyond work. It’s about enabling businesses to thrive, connecting communities, and advancing society, as we build a brand rooted in trust, reliability and customer excellence. Aligned with our employer value proposition, Grow with Purpose. Build with Trust, you’ll have the opportunity to innovate responsibly and create digital solutions that truly make a difference. If you're driven, future focused, and ready to be part of something bigger, we want you on our team.

Let’s advance and inspire Malaysia together! #WeAreCelcomDigi

Follow CelcomDigi on LinkedIn and vote for us as Malaysia’s Most Preferred Employer at the GRADUAN Brand Awards.

CelcomDigi is an equal opportunity employer, and committed to promote employment practices that are transparent, objective and fair.