JOB DESCRIPTION

Job Description (JD)

Programme Name: CYBER SECURITY (KESELAMATAN SIBER) [K622-001-SS:2026]
CU Code: K622-001-SS:2026-C01
Competency: Core
CU Title: Cyber Security Governance, Risk & Compliance (GRC)
CU Description: Expert Element Overview:

Cyber Security Governance, Risk & Compliance (GRC) describes the expert in integrating governance structures, enterprise risk processes, and compliance functions to strengthen organisational resilience. At the Senior Skills Expert level, the individual aligns multi-domain cyber initiatives with organisational strategy, standardises governance practices across business units, and evaluates enterprise-wide control effectiveness. The expert drives operational assurance by coordinating risk treatments, strengthening compliance programmes, and validating audit readiness. This role requires advanced analytical capability, cross-functional coordination, and the ability to influence organisational behaviour to cultivate a mature, risk-aware culture aligned with regulatory and industry standards.
Training Duration: 0
Learning Objectives: 1. The person who is expert in this activity should be able to:
i) Optimise governance policies and control effectiveness;
ii) Integrate enterprise risks and strengthen operational assurance;
iii) Strengthen audit capabilities and compliance assurance.

2. The outcome of this domain is the ability to:
i) Align cyber governance structures with organisational strategy and enterprise performance objectives.
ii) Integrate cyber risk management across departments to support enterprise risk decision-making.
iii) Enhance governance maturity through consistent evaluation, improvement, and standardisation of controls.
iv) Strengthen audit, compliance, and assurance processes to meet regulatory expectations.
v) Coordinate enterprise-wide governance reporting to support executive oversight and strategic alignment.
vi) Drive organisation-wide awareness and capability building to sustain resilient GRC practices.

3. Professional certifications related to this domain expertise include, but are not limited to:
i) Certified in Risk and Information Systems Control (CRISC).
ii) Certified Information Security Manager (CISM).
iii) Certified Information Systems Auditor (CISA).
iv) Certified in the Governance of Enterprise IT (CGEIT).
Prerequisite: K622-001-SE:2026