Security Analyst
Hybrid · Cyberjaya, Selangor, Malaysia
Job Summary
Security Governance, Assurance & Risk Support role focused on monitoring adherence to security policies, supporting risk assessments for projects/platforms/services, aiding internal/external audits (ISO 27001, SOC 2, PCI DSS), supporting control design and testing, managing security metrics and compliance monitoring, tracking non-conformities and remediation, and producing security reports for stakeholders. Reports to a Senior Manager and operates in a Hybrid setup with 2 days on-site per week. Requires 2-4 years of experience in information security, IT risk, compliance, or audit, and knowledge of ISO 27001, SOC 2, or NIST frameworks, with familiarity in security metrics, monitoring tools, and cloud/SaaS environments. Desirable certifications include ISO 27001 Lead Implementor/Auditor, CCSK, CySA+, Security+, CISA, CRISC, CISSP.
Required Qualifications
- 2-4 years of experience in information security, IT risk, compliance, or audit
- understanding of security and risk frameworks such as ISO 27001, SOC 2, or NIST
- familiarity with security metrics, control monitoring, and compliance reporting
- experience with security audits, assurance, or compliance activities
- exposure to security monitoring tools (e.g., Panaseer, Checkmarx, Wiz.io)
- security or risk-related certifications (ISO 27001 Lead Implementor/Auditor, CCSK, CySA+, Security+, CISA, CRISC, CISSP) or working towards them
- ability to analyze information and document findings
- awareness of cloud, SaaS, or enterprise platforms
- hybrid work arrangement: 2 days in-office per week