Overview
Information Technology Governance Consultant Jobs in Greater Kuala Lumpur at EC-Council Global Services
Title: Information Technology Governance Consultant
Company: EC-Council Global Services
Location: Greater Kuala Lumpur
Position: Senior Consultant – Tech Risk, Cyber & Privacy Advisory
Location : Kuala Lumpur, Malaysia, On-Site
EC-Council is the world's largest cyber security technical certification body. We operate in 145 countries globally and we are the owner and developer of various world-famous cyber security programs. We are proud to have trained and certified over 400,000 information security
professionals globally that have influenced the cyber security mindset of countless organizations worldwide.
www.eccouncil.org
Role Overview:
We are seeking an experienced Senior Consultant – Tech Risk, Cyber & Privacy Advisory professional to lead client engagements, deliver high-quality advisory services, and manage end-to-end project execution. This role is responsible for implementing and enhancing cybersecurity governance frameworks such as ISO 27001, NIST Cybersecurity Framework, and COBIT, conducting risk and compliance assessments, and supporting audit readiness initiatives.
Key Responsibilities:
- Project Oversight & Team Leadership
- Plan, delegate, and monitor project tasks, ensuring timelines, budgets, and quality standards are met.
- Coach, mentor, and support the professional development of junior team members.
- Client Engagement & Advisory
- Deliver high-quality consulting services to clients.
- Serve as the primary point of contact for clients on GRC-related projects.
- Understand client needs and provide tailored cybersecurity governance, risk management, and compliance solutions.
- Facilitate workshops, meetings, and presentations with client stakeholders.
- Governance & Risk Management
- Design and implement IT governance frameworks aligned with industry standards (e.g., COBIT, ISO 27001, NIST CSF).
- Conduct IT risk assessments, gap analyses, and maturity assessments across people, processes, and technology.
- Recommend and implement risk mitigation strategies and controls.
- Compliance & Audit Readiness
- Assist clients in achieving and maintaining compliance with regulatory and industry standards (e.g., BNM RMiT, MCA, SOC 2, ISO27001).
- Lead compliance audits and readiness assessments.
- Develop policies, procedures, and documentation to support compliance initiatives.
- Framework Implementation
- Guide clients in adopting and operationalizing cybersecurity and GRC frameworks (ISO, NIST, CIS, etc.).
- Translate technical requirements into business-aligned risk strategies.
- Reporting & Communication
- Provide regular status updates to both internal and external stakeholders.
- Communicate technical risk concepts in a clear, business-focused manner.
- Service Development & Innovation
- Develop and enhance IT GRC service methodologies.
- Stay up to date with emerging regulations, standards, and industry trends.
- Business Development Support
- Assist in proposal development, RFP responses, and client pitches.
- Identify new opportunities within existing client accounts.
- Bridge client requirements with our service offerings
Required Skills and Qualifications:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Business IT or equivalent
- 5–8 years of experience in IT Governance, Risk Management, Compliance, or Cybersecurity.
- Minimum 2–3 years in a managerial, team lead, or project management role within a consulting or professional services environment.
- Familiar with cybersecurity standards/information security standards, best practices, laws, guidelines, benchmarks, etc., such as ISO 27001, NIST CSF, CIS, SOC2, BNM RMiT and PDPA
- Understanding of NIST 800-53 / RMIT Cloud Technology Risk Assessment Guideline (CTRAG) / ISO 42001 is a plus
- Ability to manage multiple project sand deliver within the agreed timeline
- Attention to detail, analytical and problem-solving capabilities
- Excellent written, oral communication and presentation skills. (English is required. Bahasa / Chinese is an advantage.
- Preferably holding certifications such as ISO 27001: Lead Auditor, CISA, CISSP, CISM, CCISO, etc., is an added advantage
About Our Culture:
EC-Council is driven by a mission to strengthen global cybersecurity capability and advance the profession of ethical hacking and information security. Our teams operate across regions and cultures, united by integrity, professionalism, and a commitment to meaningful impact. Continuous learning and accountability are encouraged, empowering individuals to take ownership of their contributions. Respect, trust, and ethical conduct guide how we work with colleagues, partners, and the global cybersecurity community.
Additional Information:
EC-Council is an equal opportunity workplace and an affirmative action employer. We are committed to providing equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or veteran status. We do not discriminate based on these or any other characteristics protected by applicable laws or regulations in the locations where we operate.
EC-Council is dedicated to working with and providing reasonable accommodation to individuals with disabilities. If you have a medical condition or disability that limits your ability to complete any part of the application process and require reasonable accommodation, please contact us at [email protected] and let us know how we can assist.
To be eligible for this position, candidates must be able to provide proof that they are either a citizen of the country or have legal authorization to work in the country where the position is posted and are currently residing there. EC-Council does not offer employment to ineligible candidates and reserves the right to revoke employment in case the candidate loses the authorization to work.
If, as part of the recruitment process, you are required to complete or submit any form of work, project, case study, or assignment, please note that such material will be considered the exclusive property of EC-Council. By submitting such work, you acknowledge that EC-Council retains all rights, title, and interest in the submitted content, including any intellectual property contained therein.
Candidates further waive any intellectual property or moral rights in such submissions, confirm that the work is original and free of third-party infringement, and acknowledge that it is provided solely for evaluation purposes, with no ownership or other rights retained.
Our Privacy Policy outlines how we collect, use, store, and protect your personal data during the recruitment process. This may include information such as your name, contact details, employment history, qualifications, and any other details you provide as part of your application. All data is handled in compliance with applicable data protection and privacy regulations.
Please review our policy here: EC-Council Privacy Policy – User and Company | EC-Council.
Submission of your application will be considered as your acceptance of the terms stated above.