Job Description
Job Title:  Assistant Manager - Data & Digital Governance
Posting Start Date:  15/05/2026

Job Summary

A Senior Executive in Data & Digital Governance at Gamuda Berhad, with experience in Information Security (ISO 27001), Data Privacy (ISO 27701), and IT Governance frameworks. Experienced in establishing enterprise-wide data protection strategies and ensuring compliance with global privacy and cybersecurity laws such as the GDPR, PDPA, and other regional data protection regulations in countries such as Malaysia, Singapore, Vietnam, Australia and others.

Strong background in aligning information governance initiatives with organizational objectives, integrating cybersecurity controls, data lifecycle management, and risk-based compliance frameworks to protect corporate assets and stakeholder interests. Skilled in leading cross-functional teams to drive digital trust, regulatory adherence, and continual improvement in information management practices across diverse business environments.

Key Responsibilities

  1. ISO Related Matters
    • Define and oversee the execution of information security policies, standards, and controls to safeguard corporate assets.
    • Ensure the implementation and continual improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001.
    • Conduct risk assessments and ensure mitigation strategies are effectively implemented across business units.
  2. Data Governance and Management
    • Define and oversee the execution of data management policies, standards and controls for the data and information of Gamuda.
    • Implement and maintain the Privacy Information Management System (PIMS) based on ISO/IEC 27701.
    • Drive compliance with global privacy laws and regulations (e.g., GDPR, PDPA) and ensure data subject rights are respected.
    • Oversee data inventory, data flow mapping, and privacy impact assessments (PIAs/DPIAs).
    • Assist the DPO with any data-related matters across the group.
    • Serve as the key liaison with regulators, auditors, and external stakeholders on data and cybersecurity matters.
    • Advocate for a culture of security and privacy through continuous awareness and training initiatives.
  3. Cybersecurity and Compliance Integration
    • Collaborate with IT and the Legal Department to align cybersecurity measures with regulatory requirements.
    • Monitor emerging cyber laws, data protection frameworks, and regulatory trends globally, advising the organization on compliance implications.
    • Manage internal and external audits, regulatory assessments, and certification renewals.
    • Benchmark against global standards and incorporate lessons learned from incidents, audits, and regulatory feedback.

Qualifications

Minimum Bachelor's degree in Computer Science, Information Technology, Computer Engineering or its equivalent in an IT-related field.

Skills & Abilities

  • Candidates holding an ISACA CISA, CGEIT, ISO 27001 & ISO 27701 Lead Auditor, CRISC or CISSP certification are preferred.
  • Experience and knowledge of ISO 27701, PDPA, GDPR and other related privacy regulations are preferred.
  • Knowledge of IT security, incident management, data protection tools, encryption technologies, and DLP mechanisms.
  • Experience with internal/external audit management and compliance monitoring platforms.

Expected Minimum Years of Experience

At least 6 years of experience in IT/Governance, compliance, IT audits, data management or information security.