IT Security & Data Governance Manager at MediExpress

Position IT Security & Data Governance Manager
Posted 2025 September 30
Expired 2025 October 30
Company MediExpress
Location Subang Jaya, Selangor | MY
Job Type Full Time

Job Description:

Latest job information from MediExpress for the position of IT Security & Data Governance Manager. If this vacancy in Subang Jaya, Selangor matches your criteria, please send your latest application/CV directly through the job site Jobkos.


Mediexpress (M) Sdn Bhd

Who We Are

At Mediexpress (M) Sdn Bhd, we're proud to be one of Malaysia's leaders in managed healthcare services and part of a global Japanese multinational group. We believe in making healthcare services simpler, smarter, and more effective — and we know it takes great people to make that happen.

What You'll Be Doing

To safeguard sensitive data, ensure regulatory compliance, and protect IT systems & infrastructure from evolving cybersecurity threats. The role is responsible for the strategic & operational oversight of the organization's cybersecurity posture, data protection governance, and compliance with regulatory frameworks such as PDPA, ISO 27001, and BNM guidelines (RMiT & BCM). This role also assumes the responsibility of the Data Protection Officer (DPO) under the Personal Data Protection Act 2010 (PDPA), ensuring the confidentiality, integrity, and availability of sensitive information assets. This is a mid-level to senior role that blends technical, strategic and leadership responsibilities.

1. Information Security Management

  • Lead the planning, development, and implementation of the IT security strategy aligned with business objectives

  • Oversee technical security controls, policies, and guidelines across IT systems, applications, and infrastructure

  • Ensure threat intelligence, vulnerability management, and incident response procedures are in place and well maintained

  • Collaborate with Infrastructure, Application, and Compliance teams on secure architecture and configuration

2. Data Protection & DPO Responsibilities

  • Act as the appointed Data Protection Officer (DPO) under PDPA 2010

  • Monitor compliance with data protection regulations and internal policies

  • Coordinate with departments on personal data processing risk assessments, DPIAs, and consent management practices

  • Handle data breach response coordination, including regulatory notifications and investigations

3. Governance, Risk & Compliance

  • Drive IT risk management activities, including IT/cyber risk assessments, internal audits, and mitigation plans

  • Maintain and enhance alignment with frameworks such as ISO/IEC 27001, NIST, CIS, and BNM TRMF/CRM

  • Support the Compliance Manager with audits and regulatory inquiries involving IT controls

  • Develop and update IT security policies, SOPs, and playbooks

4. Cyber Risk Management & Security Assessment

  • Perform regular risk assessments of networks, systems, applications

  • Identify vulnerabilities, recommend mitigation strategies, and ensure preventive/corrective actions are implemented

  • Schedule and coordinate vulnerability scans and remediation cycles

  • Track open vulnerabilities and patching validation efforts & compliance across systems

  • Work closely with Vendors, Infrastructure, Software Engineering team to close critical security gaps

5. Security Operations, Application & Infrastructure Oversight

  • Manage and monitor firewalls (e.g., Fortigate, Palo Alto), IDS/IPS, WAF, DDoS, Endpoint protection tools (Client, Server & Email)

  • Collaborate with infrastructure/network/software teams/SOC/NOC:

    i. to secure VPNs, firewalls, and segmentation policies

    ii. to oversee secure configuration and patch management of physical servers, VMs, and cloud platforms

    iii. to implement secure configuration baselines for servers/virtualized servers, network & storage devices, databases, and applications

    iv. to monitor privileged access usage, ensuring proper logging and account lifecycle reviews

  • Support secure SDLC practices in software development and deployment (for in-house apps, portals and mobile apps)

6. Access Control, Identity Management & Data Protection

  • Ensure robust Identity & Access Management (IAM) across systems:

    i. enforcing access control policies, ensuring least privilege and role-based access

    ii. managing multi-factor authentication (MFA) and privileged access for critical systems

  • Work with Stakeholders, HR and IT to enforce role-based access and employee lifecycle policies

  • Implement encryption, secure transmission, and backup protection policies

  • Periodic review of user accounts, especially after employee offboarding.

7. Incident Response & Threat Handling

  • Develop and lead incident response plans (IRP)

  • Act as the point-of-contact for all security breaches, incidents, and investigations

  • Conduct post-mortems, report findings, and implement learnings to improve resilience

8. Third-Party & Vendor Risk Management

  • Conduct due diligence on third-party vendors and ensure secure integration practices

  • Regularly review vendor SLAs and security certifications

9. Stakeholder & Regulator Liaison

  • Collaborate with IT, HR, Operations & Legal representatives to implement best practices

  • Review security and data protection related clauses in contracts and third-party agreements

  • Support communication with the PDP Commissioner Office (JPDP) and assist in audits

10. Training and Awareness

  • Work closely with IT Compliance Manager to build a security-conscious culture throughout the organization, conduct security/cyber hygiene, data privacy and handling awareness programs for employees and/or relevant departments and vendors where applicable

  • Maintain training records, materials and awareness results

11. Documentation & Audit Support

  • Where applicable, keep records of security logs, asset inventories, access review findings, and privacy compliance checklists

  • Assist with internal/external audit readiness, documentation, and evidence collection

  • Participate in client due diligence exercises, security questionnaires, and audits

What Will Help You Succeed

1. Excellent written and verbal communication skills for both technical and non-technical audiences

2. Analytical, critical thinking and risk assessment capabilities

3. Ability to interpret and translate regulatory requirements into business action with strong understanding of security, personal data handling and privacy obligations

4. Ability to educate, influence, and guide teams in adopting secure practices.

5. Ability to work independently and manage cross-functional stakeholders and clients

What We're Looking For

1. Bachelor's degree in Computer Science, Information Technology, or related field

2. 15+ years in Information Security, Risk Management or Data Governance

3. Deep understanding of network security, VPN/IPSec, endpoint protection, log analysis, vulnerability scanning, and data protection.

4. Hands-on experience with firewalls (Fortigate, SonicWall, Palo Alto, etc), SIEM tools, DLP, IAM (Identity and Access Management), Virtualization, Veeam backup systems, and hybrid cloud security setups

5. Experience in a regulated environment (insurance, healthcare, finance) is strongly preferred

6. Familiarity with ISO 27001 or IT governance or relevant security frameworks is a plus

7. Certifications in CISSP / CISM / CRISC / CISA are a plus

Why Join Us

At Mediexpress, you'll not only be part of a company that leads in healthcare services, but also one that values collaboration, growth, and innovation. We offer opportunities to learn, contribute, and make a meaningful impact in a supportive environment.
