Overview

Cloud Project Risk Advisory, Cloud & Third-Party Cyber Risk, Group Cyber & Technology Risk, Group Risk Jobs in Federal Territory of Kuala Lumpur, Malaysia at Maybank

Title: Cloud Project Risk Advisory, Cloud & Third-Party Cyber Risk, Group Cyber & Technology Risk, Group Risk

Company: Maybank

Location: Federal Territory of Kuala Lumpur, Malaysia

Job Description:

This role provides independent second‑line cyber and technology risk advisory and challenge across cloud programmes, initiatives, and projects during the design and implementation phases. The role supports informed risk‑based decision‑making by identifying material cloud risks early, assessing control design adequacy, and providing structured advisory inputs to governance and risk forums. The role’s involvement concludes prior to production deployment, with post‑implementation risk oversight and assurance performed by the Cloud Risk Assurance function.

Cloud Project Risk Advisory & Challenge

  • Provide independent second‑line risk challenge across cloud projects, migrations, and new service onboarding initiatives.
  • Engage cloud delivery, architecture, and security teams during early design stages.

Control Design & Architecture Review

  • Independently review cloud security architectures and proposed control designs against Group standards and regulatory expectations.
  • Identify design gaps, compensating controls, and residual risks

Risk Documentation & Escalation Support

  • Maintain auditable records of identified risks, observations, and advisory opinions.
  • Support escalation of material risks to appropriate governance forums.

Stakeholder Engagement & Risk Advisory Support

  • Act as a second‑line point of contact for cloud project risk queries.
  • Provide structured advisory inputs to the Head, Cloud & Third‑Party Cyber Risk for reporting and escalation.

Second‑Line Advisory Independence & Scope Boundaries

  • Provide independent second‑line cyber and technology risk advisory and challenge during cloud project design and delivery phases.
  • Avoid ownership, approval, implementation, or remediation of cloud architectures, security controls, or risk treatment actions.

Job Requirements:

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or related discipline.
  • Master’s Degree or postgraduate qualification in Information Security, Technology Risk, or Enterprise Risk Management.
  • Experienced in cloud security, technology risk, cyber risk advisory, or solution architecture roles
  • Having any of these certifications is a plus (but not mandatory): CISM, CISSP, CCSP, CCSK, or vendor specific security certifications like AWS Certified Security Specialty, SC-100 Microsoft Cybersecurity Architect or equivalent, CRISC, CISA.
  • Demonstrated experience providing risk advisory or challenge during project delivery or design phases.
  • Experience working in or closely with second‑line risk, assurance, or control functions.
  • Strong knowledge of international standards (NIST, ISO 27001, CIS) and regional regulatory requirements (e.g., BNM RMIT, MAS).
  • Deep expertise in cloud security architecture, concentration risk, and systemic third-party risk.
  • Proven ability to work cross-functionally with stakeholders across risk, procurement, legal and business functions.
  • Experience designing and scaling cloud risk assessment methodologies.
  • Strong executive communication skills, including Board and regulator engagement.
  • Familiarity with GRC and Cyber Risk Management platforms
Upload your CV/resume or any other relevant file. Max. file size: 800 MB.